User Password Breach
This event has been available since 1.15.0
This event is generated when Reactor detects that a user is using a vulnerable or breached password. It only occurs during login, and only when the Tenant is not configured to require the user to change their password. All other breached password detections occur during password validation, where the user will not be allowed to use the password.
user.password.breach
Event Scope
This is a tenant scoped event.
Transaction Compatibility
This event is transactional. The final state of the operation which caused the webhook is not persisted to FusionAuth until after the webhook finishes.
Event Body
- event.createInstant [Long]
  The instant that the event was generated.
- event.id [UUID]
  The unique Id of the event. You may receive an event more than once based upon your transaction settings. This Id may be used to identify a duplicate event.
- event.info.data [Object] Available since 1.30.0
  An object that can hold any information about the event that should be persisted.
- event.info.deviceDescription [String] Available since 1.30.0
  The description of the device associated with the event.
- event.info.deviceName [String] Available since 1.30.0
  The device name associated with the event.
- event.info.deviceType [String] Available since 1.30.0
  The type of device associated with the event.
- event.info.ipAddress [String] Available since 1.27.0
  The source IP address of the event.
- event.info.location.city [String] Available since 1.30.0
  The city where the event originated.
  Note: A paid edition of FusionAuth is required to utilize event info location.
- event.info.location.country [String] Available since 1.30.0
  The country where the event originated.
  Note: A paid edition of FusionAuth is required to utilize event info location.
- event.info.location.latitude [String] Available since 1.30.0
  The latitude where the event originated.
  Note: A paid edition of FusionAuth is required to utilize event info location.
- event.info.location.longitude [String] Available since 1.30.0
  The longitude where the event originated.
  Note: A paid edition of FusionAuth is required to utilize event info location.
- event.info.location.region [String] Available since 1.30.0
  The geographic location where the event originated.
  Note: A paid edition of FusionAuth is required to utilize event info location.
- event.info.location.zipcode [String] Available since 1.30.0
  The zip code where the event originated.
  Note: A paid edition of FusionAuth is required to utilize event info location.
- event.info.os [String] Available since 1.30.0
  The operating system associated with the event.
- event.info.userAgent [String] Available since 1.30.0
  The user agent associated with the event.
- event.tenantId [UUID]
  The unique tenant identifier. This value may not be returned if not applicable.
- event.type [String]
  The event type; this value will always be user.password.breach.
- event.user [Object]
  The user that failed the login request. See the Users API for property definitions and example JSON.
{
  "event": {
    "createInstant": 1505762615056,
    "id": "e502168a-b469-45d9-a079-fd45f83e0406",
    "tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
    "type": "user.password.breach",
    "user": {
      "active": true,
      "connectorId": "e3306678-a53a-4964-9040-1c96f36dda72",
      "email": "example@fusionauth.io",
      "id": "00000000-0000-0001-0000-000000000000",
      "breachedPasswordStatus": "ExactMatch",
      "breachedPasswordLastCheckedInstant": 1505762615056,
      "passwordChangeReason": "Breached",
      "passwordChangeRequired": true,
      "registrations": [
        {
          "applicationId": "10000000-0000-0002-0000-000000000001",
          "id": "00000000-0000-0002-0000-000000000000",
          "insertInstant": 1446064706250,
          "roles": [
            "user"
          ],
          "usernameStatus": "ACTIVE"
        }
      ],
      "tenantId": "f24aca2b-ce4a-4dad-951a-c9d690e71415",
      "twoFactorEnabled": false,
      "usernameStatus": "ACTIVE",
      "verified": true
    }
  }
}
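An added example, not part of the FusionAuth documentation: a minimal receiver-side handler for this event body that checks `event.type`, uses `event.id` to drop duplicate deliveries, and builds an alert record without the user's email. The function name, the in-memory `seen_ids` set, the returned status codes and the reading of `createInstant` as milliseconds since the Unix epoch are assumptions of the example.

```python
import json
import uuid
from datetime import datetime, timedelta, timezone

EVENT_TYPE = "user.password.breach"
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Trimmed copy of the example event shown above.
SAMPLE = json.dumps({"event": {
    "createInstant": 1505762615056,
    "id": "e502168a-b469-45d9-a079-fd45f83e0406",
    "tenantId": "e872a880-b14f-6d62-c312-cb40f22af465",
    "type": "user.password.breach",
    "user": {"id": "00000000-0000-0001-0000-000000000000",
             "breachedPasswordStatus": "ExactMatch",
             "passwordChangeRequired": True}}})


def handle_breach_event(raw_body, seen_ids):
    """Return (http_status, alert_or_None) for one webhook delivery.

    seen_ids holds event.id values already processed. A plain set is an
    assumption of this example; a real receiver needs durable storage.
    """
    try:
        event = json.loads(raw_body)["event"]
        event_id = str(uuid.UUID(event["id"]))  # rejects malformed Ids
        if event["type"] != EVENT_TYPE:
            return 400, None
        user = event["user"]
        # Assumes createInstant is milliseconds since the Unix epoch.
        created = EPOCH + timedelta(milliseconds=event["createInstant"])
        info = event.get("info") or {}  # info.* fields are optional
        alert = {
            "event_id": event_id,
            "tenant_id": event.get("tenantId"),
            # Identify the account by Id; keep the email out of alert logs.
            "user_id": user["id"],
            "match": user.get("breachedPasswordStatus"),
            "change_required": bool(user.get("passwordChangeRequired")),
            "source_ip": info.get("ipAddress"),
            "detected_at": created.isoformat(),
        }
    except (ValueError, KeyError, TypeError, AttributeError, OverflowError):
        return 400, None
    if event_id in seen_ids:
        return 200, None  # duplicate delivery: acknowledge, do not re-alert
    seen_ids.add(event_id)
    return 200, alert
```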