I have a login to a website for which the website itself, it appears, has generated a couple of duplications. I think it is generated by/or sent to a Microsoft Authorization system called b2clogin.
Compromised-Password Detection logs these duplications as reuse