"Have I Been Pwned?"
Is it legitimate?
Here is a link to Wikipedia talking about the website:
haveibeenpwned (wikipedia link with definition)
I have not included a live link to the website: "Have I been Pwned?" itself in this post.
That can be "Googled".
An excerpt from that Wikipedia link:
Have I Been Pwned? (HIBP, with "Pwned" pronounced like "poned") is a website that allows internet users to check if their personal data has been compromised by data breaches. The service collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts, and allows users to search for their own information by entering their username or email address. Users can also sign up to be notified if their email address appears in future dumps. The site has been widely touted as a valuable resource for internet users wishing to protect their own security and privacy. Have I Been Pwned? was created by security expert Troy Hunt on 4 December 2013.
As of November 2017, Have I Been Pwned? receives around sixty thousand daily visitors, the site has over 1.7 million active email subscribers and contains records of over 4.8 billion accounts from over 251 data breaches.