Skip to content
English
Go to Mercury
  • There are no suggestions because the search field is empty.

Can QuoIntelligence filter out credential leaks that are older than a specific time frame?

How QuoIntelligence handles reporting of older credentials and why time-based filtering is not applied by default

Client Context:

Some clients have internal policies, such as regular password rotations every 6 or 12 months, and may question the value of receiving credential leak alerts that are older than that time frame.
--> A common request is whether it’s possible to suppress or ignore credentials that are deemed outdated.

QuoIntelligence Position:

QuoIntelligence only reports credentials that have not been already sent in the past to a customer. However, new customers might receive older credentials that appear in newly detected leaks, due to the nature of the sources and the way breach data is shared across underground ecosystems. Please, consider that:

  • Credential leaks rarely contain accurate timestamps indicating when the original compromise occurred.
  • Data often appears in bundled dumps or combo lists and is reused or reshared long after the initial breach.
  • In rare cases (e.g., infostealer logs), timestamps like infection dates may be available, but this is the exception, not the norm. When available, QuoIntelligence specifies what is the date of infection.
  • QuoIntelligence reports credentials in new leaks if not already reported, as clients might not be aware of the credential still circulating, or the previous vendor might have not informed of the leak.

Reporting Logic:

  • Once a credential is reported to a client, it will not be re-reported again.
  • If a credential has not been reported before, it will be sent regardless, to avoid potential intelligence misses, and to cover all potential gaps.
  • We encourage clients to check leaked credentials against password update logs to internally verify the relevancy of our reported incidents.
  • QuoIntelligence does its best in sending only relevant alerts, to reduce noise to the minimum and always assesses the relevancy with a predefined logic, flagging high, medium and low risk alerts. To learn more about our criticality criteria, you can access the following LINK.

Recommendation for Clients:

For organizations with password rotation policies, we recommend implementing internal relevancy processes to assess if leaked credentials are still active or represent a real risk.

Custom filtering logic (e.g., ignoring credentials older than X months) is not applied on our end, as it increases the risk of false negatives and missed threats.