Problem statement
The following email was received:
A user’s account may have been hacked, compromised, or stolen.
There was a security incident on another website unrelated to
<tenant name>
. The user’s account is at risk because they were using the same password in both places.
The login attempt by user<username>
was blocked. A notification has been sent to the user’s email, indicating that a password change is required.
Additional information may be available in your tenant logs.
If you want to stop receiving this email, or want to change its frequency, please change your notification settings.
You’re receiving this email because you have an account in Auth0. If you are not sure why you’re receiving this, please contact us through our Support Center.
What triggers this email?
Cause
This is triggered by breached password protection when a user logs in with credentials known to have been leaked elsewhere.
Solution
This is triggered by breached password protection when a user logs in with credentials known to have been leaked elsewhere.
It’s possible to find breached password events in the tenant logs in the dashboard using the filter type:pwd_leak
. Breached password events will include the email address of the user and the IP address from which the login attempt was made.