No. You take the compromised plaintext password, hash it using the same algorithm you typically do for your customers, then you check the hash for matches in your database of existing customer password hashes.
Not if your only checking 1 possibility rather than a few million.
It could take on the order of a few seconds per password in the worst case. Normally a few Milliseconds.
So 1,000,000 breached passwords * 100ms per check is 100,000 CPU seconds or about 30 CPU hours to check all passwords. The is easily paraliseable so imagine more like 10-20 minutes in parallel.