Let your users know that their password is not safe...
HaveIBeenPwned.com is a project that gathers information about password breaches and collects compromised passwords. This means that if your password (not necessarily the password of your account) was published somewhere by hackers who breached a password database, it will be listed there. If so, the password is probably not secure anymore.
n3t HaveIBeenPwned checks users' passwords during the login process, during registration, and whenever a user changes their password. If a compromised password is detected, a warning is displayed to the user or, optionally, the user cannot use such a password.
Note that communication with the HaveIBeenPwned.com API is absolutely anonymous: no passwords are sent through the API, and only a small part of the password's hash is used (for further information see the API documentation).
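The partial-hash lookup described above, as an added Python sketch that is not the plugin's own code. It assumes the Pwned Passwords range endpoint (SHA-1, first 5 hex characters sent, `SUFFIX:COUNT` lines returned); the function names, the `block` switch and the sample response are constructed for illustration.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the site


def split_hash(password):
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def breach_count(suffix, range_body):
    """Look up our suffix locally in a range response; 0 means not listed."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or candidate.upper() != suffix:
            continue  # malformed line or someone else's hash
        try:
            return int(count)  # entries with count 0 count as not breached
        except ValueError:
            continue
    return 0


def check_password(password, fetch_range, block=False):
    """Return 'ok', 'warn' or 'reject'; only the prefix reaches fetch_range."""
    prefix, suffix = split_hash(password)
    count = breach_count(suffix, fetch_range(prefix))
    if count == 0:
        return "ok"
    return "reject" if block else "warn"  # hypothetical warn/block switch


def constructed_fetch(prefix):
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.

    The body is constructed sample data, not a real API response.
    """
    lines = ["0018A45C4D1DEF81644B54AB7F969B88D65:3"]  # constructed entry
    known_prefix, known_suffix = split_hash("password")
    if prefix == known_prefix:
        lines.append(known_suffix + ":1234")  # constructed count
    return "\r\n".join(lines)


if __name__ == "__main__":
    for pw in ("password", "a long unbreached passphrase 7f3"):
        print(split_hash(pw)[0], check_password(pw, constructed_fetch))
```

The comparison against the returned suffixes happens on the site's side, so the API never learns which of the hashes sharing that prefix was being checked.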