Data breach of computing systems is a growing dilemma, one that can expose a wide range of personally identifiable information and/or account credentials. Hackers are becoming increasingly proficient at leveraging stolen account credentials on other systems where users may have adopted the same account credentials. Stolen account credentials can be valid on other systems, particularly in instances where users adopt the same email address and password combination across systems. Hackers will make numerous requests to login to various systems using the stolen account credentials in an attempt to determine if any of the stolen account credentials are valid on these systems. When account credentials are not valid on other systems, hackers patiently hold onto the stolen information, waiting for the possibility that users re-adopt the same account credentials stolen from the initial data breach. In this regard, if owners of the stolen identities set or reset their passwords on these systems to match the stolen passwords, they will unknowingly open their accounts to unlawful access by the hackers.
Computing systems regularly employ password blacklists designed to prevent users from adopting certain passwords in association with their accounts. While traditional methods for blacklisting passwords are generally limited to the user's password history, a system or method that can automatically supplement password blacklists with passwords associated with detected suspicious activities would be highly beneficial.