I think Apple uses haveibeenpwned.com The pw manager listed three nostr keys that leaked from Damus