I agree that it would add a lot of value to Brave. This is something that we’ve been wanting to do for a while but haven’t gotten around to yet:
It turns out that one can use fancy cryptography to check whether or not locally-stored passwords are part of a list of compromised passwords hosted on a server without sharing the passwords with the server. So it can be done in a privacy-conscious way. Our Research team has prototyped such a system. Of course, one of the problems that one has to solve in order to provide a useful service is to get enough fresh data about compromised accounts and passwords.
All of this to say that we don’t have it yet, but we have done some work around trying to find a “Brave way” of doing this. You can subscribe to the above GitHub issue if you’d like to receive an update when we have more to share about that feature.