Previously Compromised Accounts

Password reuse is very common. Some of the passwords associated with these accouts might be still valid and might be applicable even if there is 2FA in place.

Impact

Attackers may obtain access by exploiting password reuse.

Solution

Ensure these passwords are no longer valid and if possible blacklist them.