Detect stolen login credentials

Detect stolen login credentials ’ information to gain access to sensitive systems, accounts, and networks with the intent of committing unauthorized activities. Using this stolen info, attackers can engage in identity theft, financial fraud, data breaches, and even corporate espionage.

Track dark web leaks with API

The thriving underground marketplace for stolen credentials fuels the persistence of this crime. Users are prone to reusing passwords and usernames on multiple sites, making the exploitation of these credentials relatively easy for attackers. In addition, malware and keyloggers can capture and store passwords on a device or in the cloud.

Leaked credentials can be found in a variety of places including Pastebin and other text-sharing forums, dark web marketplaces, open-source repositories that are misconfigured, or by breach notification services (e.g., Have I Been Pwned). In addition, attacks such as credential stuffing – using automated bot software to rapidly “stuff” leaked credentials against multiple systems in an attempt to find successful logins – make them an attractive and profitable commodity for criminals.

Auth0’s Breached Password Detection looks for suspicious activity that indicates compromised credential exploitation. This includes login notifications from new devices or unfamiliar locations that could indicate the use of a virtual private network to mask their location and identity. It also looks for unusual downloads and uploads of files from the account that could indicate the transfer of information away from the user’s account.

Once a breached password is detected, Auth0 notifies the user and blocks them from logging in until they change their password. By combining this detection with the ability to require MFA for all signups, Auth0 can prevent new accounts from being created and logged in with stolen info.