It uses the API available at https://haveibeenpwned.com/. There is a sample web page (from the Daily Data client site).
This is open source under the BSD license which allows you to do whatever you want, so long as you give attribution to https://haveibeenpwned.com/
You can download the file at http://unixservertech.com/scripts/pwned.zip
You can see it in action by going to http://unixservertech.com/pwned/pwned.html