In mail providers like Microsoft 365 , administrators can use MailItemsAccessed logs to see exactly which messages a threat actor viewed. Use MailItemsAccessed to investigate compromised accounts
100,000 high-quality (HQ) email address and password combinations. 100K HQ MAIL ACCESS BASE BY Old_Deep 02-03-2023...
Check for "Sent" items you didn't write or "Read" statuses on emails you haven't opened. In mail providers like Microsoft 365 , administrators
Hackers use these lists to automatically test the same email/password on other sites (e.g., banking, social media). Hackers use these lists to automatically test the
If you or your organization believe your data was included in this specific "Old_Deep" leak, immediate action is required:
The subject line refers to a specific data leak posted on a cybercrime forum by a threat actor known as Old_Deep . This specific leak was distributed on February 3, 2023, and contains approximately 100,000 sets of compromised email credentials, designed for "mail access"—meaning the credentials allow direct login to the mailboxes themselves. Incident Overview Source: A cybercrime forum or "dark web" marketplace. Leak Name: 100K HQ MAIL ACCESS BASE. Threat Actor: Old_Deep. Release Date: February 3, 2023.
This type of database is highly valuable to cybercriminals because "mail access" provides more than just a login; it grants entry to the core of a user's digital identity.