haveibeenpwned keeps track of publicly disclosed user account breaches. We can use their API to detect when a user has their email found in a new breech and should invalidate all the sessions for that user along with requiring password reset for that user if their email is detected in the breech.
Source CM
haveibeenpwned keeps track of publicly disclosed user account breaches. We can use their API to detect when a user has their email found in a new breech and should invalidate all the sessions for that user along with requiring password reset for that user if their email is detected in the breech.