The only real benefit to a darkweb scan is to be able to tell what passwords are actually compromised so users can discontinue them (and any similar ones). Some reports I've used show at least part of the password where others provide the full text, anything here would really help turn this into something the client can take action on.