k-anonymity for MAC addresses
tl;dr: only store the first n bytes of the mac address hash, thus allowing for k-anonymity and greatly reducing the usefulness of brute force attacks against the stored hashes. To verify if a mac address is present, calculate its hash and check for a matching prefix. Depending on the shortness of the prefix there could be multiple results. It should be easy to find a prefix length that has a low enough probability of a collision that still allows for a great number of candidates in a brute force attack.
Example of a similar API: https://haveibeenpwned.com/API/v3#SearchingPwnedPasswordsByRange
Paper regarding k-anonymity for MAC addresses: https://doi.org/10.48550/arXiv.2005.06580
CC: @mrq