Is It Compromised keeps a database of all leaked passwords / password lists. When you enter a password, it is hashed before it is sent to the server. The server checks if this hash is in its database and lets you know. This site is built with NodeJS using Websockets and a MongoDB.
The Stats keep track of the number of searches that returned a compromised result, and the number that returned a non compromised result. This is simply an incremental counter, it does not store any searches whatsoever. The source code is available Here.
Like it and want it to keep running? Here is my Bitcoin Address: 1JAotH9xy39pNEQUZqRqRMYwx4GzL5iK5S
August 20th: -Better server added. Old server was 32bit and had a limited database size. This limitation is no longer here.
-Search stats: The site now counts the stats of number of searched compromised / uncompromised passwords. This is just an incremental counter, the server does not keep track of searches.