diff --git a/pkg/detectors/gitlab/v1/gitlab.go b/pkg/detectors/gitlab/v1/gitlab.go
index a4d57be56b2e..62a5db140e96 100644
--- a/pkg/detectors/gitlab/v1/gitlab.go
+++ b/pkg/detectors/gitlab/v1/gitlab.go
@@ -34,6 +34,8 @@ func (Scanner) CloudEndpoint() string { return "https://gitlab.com" }
 var (
 	defaultClient = common.SaneHttpClient()
 	keyPat        = regexp.MustCompile(detectors.PrefixRegex([]string{"gitlab"}) + `\b([a-zA-Z0-9\-=_]{20,22})\b`)
+
+	BlockedUserMessage = "403 Forbidden - Your account has been blocked"
 )
 
 // Keywords are used for efficiently pre-filtering chunks.
@@ -60,6 +62,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 		s1 := detectors.Result{
 			DetectorType: detectorspb.DetectorType_Gitlab,
 			Raw:          []byte(resMatch),
+			ExtraData:    map[string]string{},
 		}
 		s1.ExtraData = map[string]string{
 			"rotation_guide": "https://howtorotate.com/docs/tutorials/gitlab/",
@@ -67,8 +70,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 		}
 
 		if verify {
-			isVerified, verificationErr := s.verifyGitlab(ctx, resMatch)
+			isVerified, extraData, verificationErr := s.verifyGitlab(ctx, resMatch)
 			s1.Verified = isVerified
+			s1.ExtraData = extraData
+
 			s1.SetVerificationError(verificationErr, resMatch)
 		}
 
@@ -78,7 +83,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 	return results, nil
 }
 
-func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, error) {
+func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, map[string]string, error) {
 	// there are 4 read 'scopes' for a gitlab token: api, read_user, read_repo, and read_registry
 	// they all grant access to different parts of the API. I couldn't find an endpoint that every
 	// one of these scopes has access to, so we just check an example endpoint for each scope. If any
@@ -98,13 +103,14 @@ func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, error
 		req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", resMatch))
 		res, err := client.Do(req)
 		if err != nil {
-			return false, err
+			return false, nil, err
 		}
 
 		defer res.Body.Close()
-		body, err := io.ReadAll(res.Body)
+
+		bodyBytes, err := io.ReadAll(res.Body)
 		if err != nil {
-			return false, err
+			return false, nil, err
 		}
 
 		// 200 means good key and has `read_user` scope
@@ -112,19 +118,28 @@ func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, error
 		// 401 is bad key
 		switch res.StatusCode {
 		case http.StatusOK:
-			return json.Valid(body), nil
+			return json.Valid(bodyBytes), nil, nil
 		case http.StatusForbidden:
+			// check if the user account is blocked or not
+			stringBody := string(bodyBytes)
+			if strings.Contains(stringBody, BlockedUserMessage) {
+				return true, map[string]string{
+					"blocked": "True",
+				}, nil
+			}
+
 			// Good key but not the right scope
-			return true, nil
+			return true, nil, nil
 		case http.StatusUnauthorized:
 			// Nothing to do; zero values are the ones we want
-			return false, nil
+			return false, nil, nil
 		default:
-			return false, fmt.Errorf("unexpected HTTP response status %d", res.StatusCode)
+			return false, nil, fmt.Errorf("unexpected HTTP response status %d", res.StatusCode)
 		}
 
 	}
-	return false, nil
+
+	return false, nil, nil
 }
 
 func (s Scanner) Type() detectorspb.DetectorType {
diff --git a/pkg/detectors/gitlab/v2/gitlab_v2.go b/pkg/detectors/gitlab/v2/gitlab_v2.go
index 19284fdd71dd..ee04aee6f2f4 100644
--- a/pkg/detectors/gitlab/v2/gitlab_v2.go
+++ b/pkg/detectors/gitlab/v2/gitlab_v2.go
@@ -3,6 +3,7 @@ package gitlab
 import (
 	"context"
 	"fmt"
+	"io"
 	"net/http"
 	"strings"
 
@@ -10,6 +11,7 @@ import (
 
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
+	v1 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/gitlab/v1"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
 )
 
@@ -49,6 +51,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 		s1 := detectors.Result{
 			DetectorType: detectorspb.DetectorType_Gitlab,
 			Raw:          []byte(resMatch),
+			ExtraData:    map[string]string{},
 		}
 		s1.ExtraData = map[string]string{
 			"rotation_guide": "https://howtorotate.com/docs/tutorials/gitlab/",
@@ -56,8 +59,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 		}
 
 		if verify {
-			isVerified, verificationErr := s.verifyGitlab(ctx, resMatch)
+			isVerified, extraData, verificationErr := s.verifyGitlab(ctx, resMatch)
 			s1.Verified = isVerified
+			s1.ExtraData = extraData
+
 			s1.SetVerificationError(verificationErr, resMatch)
 		}
 
@@ -67,7 +72,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 	return results, nil
 }
 
-func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, error) {
+func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, map[string]string, error) {
 	// there are 4 read 'scopes' for a gitlab token: api, read_user, read_repo, and read_registry
 	// they all grant access to different parts of the API. I couldn't find an endpoint that every
 	// one of these scopes has access to, so we just check an example endpoint for each scope. If any
@@ -86,28 +91,41 @@ func (s Scanner) verifyGitlab(ctx context.Context, resMatch string) (bool, error
 		req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", resMatch))
 		res, err := client.Do(req)
 		if err != nil {
-			return false, err
+			return false, nil, err
+		}
+		defer res.Body.Close()
+
+		bodyBytes, err := io.ReadAll(res.Body)
+		if err != nil {
+			return false, nil, err
 		}
-		defer res.Body.Close() // The request body is unused.
 
 		// 200 means good key and has `read_user` scope
 		// 403 means good key but not the right scope
 		// 401 is bad key
 		switch res.StatusCode {
 		case http.StatusOK:
-			return true, nil
+			return true, nil, nil
 		case http.StatusForbidden:
+			// check if the user account is blocked or not
+			stringBody := string(bodyBytes)
+			if strings.Contains(stringBody, v1.BlockedUserMessage) {
+				return true, map[string]string{
+					"blocked": "True",
+				}, nil
+			}
+
 			// Good key but not the right scope
-			return true, nil
+			return true, nil, nil
 		case http.StatusUnauthorized:
 			// Nothing to do; zero values are the ones we want
-			return false, nil
+			return false, nil, nil
 		default:
-			return false, fmt.Errorf("unexpected HTTP response status %d", res.StatusCode)
+			return false, nil, fmt.Errorf("unexpected HTTP response status %d", res.StatusCode)
 		}
 
 	}
-	return false, nil
+	return false, nil, nil
 }
 
 func (s Scanner) Type() detectorspb.DetectorType {