User email
Expired refresh token provided.
An unknown user attempted to steal your login data. Please get in touch with one of your administrators.
Administrator email
Expired refresh token provided.
An unknown user attempted to identify as (email address) This is a potential security issue. Please investigate!
I have temporarily suspended the user’s account as a precaution until further guidance is available…
What is an administrator expected do in this situation?
Which passbolt API version are you using? This email notification has been replaced with an error log from the latest (v5.4.0) version because it’s not possible to know if it’s an actual attacker or Client misusing the API.
In this case, generally there’s nothing for you to do, but you can use some log aggregation and SIEM integration tools to determine if there’s some usual activity.
Currently v5.3.2 is installed, so will update to v5.4.x as you suggested. Thanks for the information.
