If Ring has per-user salts, which I assume they do, they'll have to hash each breached password individually for each Ring user. So multiply the number of breached passwords by the number of Ring users by the time a hash takes (slower is better) and you get a huge amount of CPU cost.