diff --git a/api/src/services/authentication.ts b/api/src/services/authentication.ts
index 259f90664d..9704099ccb 100644
--- a/api/src/services/authentication.ts
+++ b/api/src/services/authentication.ts
@@ -255,6 +255,8 @@ export class AuthenticationService {
 async refresh(refreshToken: string): Promise> {
 const { nanoid } = await import('nanoid');
+ const STALL_TIME = env['LOGIN_STALL_TIME'];
+ const timeStart = performance.now();
 if (!refreshToken) {
 throw new InvalidCredentialsException();
@@ -304,6 +306,18 @@ export class AuthenticationService {
 throw new InvalidCredentialsException();
 }
+ if (record.user_id && record.user_status !== 'active') {
+ await this.knex('directus_sessions').where({ token: refreshToken }).del();
+
+ if (record.user_status === 'suspended') {
+ await stall(STALL_TIME, timeStart);
+ throw new UserSuspendedException();
+ } else {
+ await stall(STALL_TIME, timeStart);
+ throw new InvalidCredentialsException();
+ }
+ }
+
 if (record.user_id) {
 const provider = getAuthProvider(record.user_provider);
diff --git a/contributors.yml b/contributors.yml
index 14e65aaab3..e36880efb0 100644
--- a/contributors.yml
+++ b/contributors.yml
@@ -7,6 +7,7 @@
 - bicouy0
 - Nitwel
 - azrikahar
+- diegoleme
 - u12206050
 - that1matt
 - jaads
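Review bot: In the first hunk of api/src/services/authentication.ts, `timeStart` is captured for `stall()`, but the `if (!refreshToken)` throw directly below it returns immediately, and so does the `InvalidCredentialsException` throw shown as context at the top of the second hunk. As far as the visible lines show, only the new user-status branch is padded to `LOGIN_STALL_TIME`, so a refresh rejected for an inactive account can still be told apart by response time from one rejected for a missing, unknown or expired token. If the padding is meant to make refresh failures uniform, those exits need `await stall(STALL_TIME, timeStart);` before their throw; if it is deliberately limited to the status check, a comment such as `// pad only account-status rejections, as login does` would record that. refresh() continues beyond both hunks, so there may be further exits outside the visible lines.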
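Review bot: In the second hunk of api/src/services/authentication.ts, the cleanup deletes only the `directus_sessions` row whose `token` equals the presented refresh token, so the account's other sessions stay in the table. While the user is inactive they are rejected by this same check, but they would become refreshable again if the account is re-activated before they expire, which matters when suspension is used to contain a compromised account. Consider deleting every session row belonging to `record.user_id` in this branch rather than matching on the token, so a suspension revokes all of them. The two identical `await stall(STALL_TIME, timeStart);` calls can also be hoisted above the inner `if`. The query that fills `record.user_status` lies outside the hunk and should be confirmed to select that field, since an undefined status would send every user into this branch.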