User Password Breach

User Password Breach

FusionAuth Reactor logo

This feature is only available in paid plans. Please visit our pricing page to learn more.

This event has been available since 1.15.0

This event is generated when Reactor detects a user is using a vulnerable, or breached password. This event will only occur during login when the Tenant is not configured to require the user to change their password. All other breached password detections will occur during password validation and because the user will not be allowed to use the password.

Event type
user.password.breach

Event Scope

This is a tenant scoped event.

Prior to version 1.37.0 this event was sent to all webhooks, and it was a webhook's responsibility to filter on the tenantId field.

In version 1.37.0 and later, this event will only be sent to tenants for which webhooks for this event are enabled.

Prior to version 1.37.0 this was a tenant scoped event. This event will be sent to all tenants that are listening, but will contain a tenantId to allow for filtering.

In version 1.37.0 and later this is also a tenant scoped event. It can be sent to all tenants or to one or more specified tenants. However, those tenants will not be sent events for other tenants, but only events related to themselves.

Transaction Compatibility

This event is transactional. The final state of the operation which caused the webhook is not persisted to FusionAuth until after the webhook finishes; learn more

Event Body

event.createInstantLong

The instant that the event was generated.

event.idUUID

The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.

event.info.dataObjectAvailable since 1.30.0

An object that can hold any information about the event that should be persisted.

event.info.deviceDescriptionStringAvailable since 1.30.0

The description of the device associated with the event.

event.info.deviceNameStringAvailable since 1.30.0

The device name associated with the event.

event.info.deviceTypeStringAvailable since 1.30.0

The type of device associated with the event.

event.info.ipAddressStringAvailable since 1.27.0

The source IP address of the event.

event.info.location.cityStringAvailable since 1.30.0

The city where the event originated.

Note: An Enterprise plan is required to utilize event location data.

event.info.location.countryStringAvailable since 1.30.0

The country where the event originated.

Note: An Enterprise plan is required to utilize event location data.

event.info.location.latitudeDoubleAvailable since 1.30.0

The latitude where the event originated.

Note: An Enterprise plan is required to utilize event location data.

event.info.location.longitudeDoubleAvailable since 1.30.0

The longitude where the event originated.

Note: An Enterprise plan is required to utilize event location data.

event.info.location.regionStringAvailable since 1.30.0

The geographic location where the event originated.

Note: An Enterprise plan is required to utilize event location data.

event.info.location.zipcodeStringAvailable since 1.30.0

The zip code where the event originated.

Note: An Enterprise plan is required to utilize event location data.

event.info.osStringAvailable since 1.30.0

The operating system associated with the event.

event.info.userAgentStringAvailable since 1.30.0

The user agent associated with the event.

event.tenantIdUUID

The unique tenant identifier. This value may not be returned if not applicable.

event.typeString

The event type, this value will always be user.password.breach.

event.userObject

The user that failed the login request. See the Users API for property definitions and example JSON.

Example Event JSON

{
  "event": {
    "createInstant": 1505762615056,
    "id": "e502168a-b469-45d9-a079-fd45f83e0406",
    "tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
    "type": "user.password.breach",
    "user": {
      "active": true,
      "connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
      "email": "example@fusionauth.io",
      "id": "00000000-0000-0001-0000-000000000000",
      "breachedPasswordStatus": "ExactMatch",
      "breachedPasswordLastCheckedInstant": 1505762615056,
      "passwordChangeReason": "Breached",
      "passwordChangeRequired": true,
      "registrations": [
        {
          "applicationId": "10000000-0000-0002-0000-000000000001",
          "id": "00000000-0000-0002-0000-000000000000",
          "insertInstant": 1446064706250,
          "roles": [
            "user"
          ],
          "usernameStatus": "ACTIVE"
        }
      ],
      "tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
      "twoFactorEnabled": false,
      "usernameStatus": "ACTIVE",
      "verified": true
    }
  }
}