Check haveibeenpwned.com's breach repository for an exchange 2007+ environment (requires PoweShell 3+ and Exchange Module Loaded)

gistfile1.txt

Get-Mailbox -ResultSize Unlimited | ForEach-Object {    }

$Mailboxes = Get-Mailbox -ResultSize Unlimited
$Results = @()
foreach ($mailbox in $Mailboxes)
{
    $s = $mailbox.PrimarySmtpAddress.ToString() -replace "@","%40"
    $r = $null
    $r = Invoke-WebRequest -URI  "https://haveibeenpwned.com/api/v2/breachedaccount/$($s)" -Method GET -UserAgent "PsBreachFinder" -ErrorAction SilentlyContinue
    if ($r -ne $null) 
    {
        $result = New-Object -TypeName PSObject
        $result | Add-Member NoteProperty EmailAddress($($mailbox.PrimarySmtpAddress.ToString()))
        $result | Add-Member NoteProperty Result($r)
        $Results += $result
    }
}
$Results | Format-Table -AutoSize