Back

abbvie.com Domain Breach Exposure Report

Risk Score

High Risk

Critical asset booster applied - enterprise VPN / gateway credentials exposed.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event affecting AbbVie, with 87,677 historical data breaches and 3,206 active infostealer logs observed over the reporting period. The majority of the exposure stems from data breaches, accounting for 96.5% of events, while infostealer activity represents 3.5%. Employee data is the most frequently compromised category, followed by client data. Malware analysis reveals Redline as the predominant family (62.3%), followed by LummaC2 (10.3%) and Rhadamanthys (5.3%), all of which are known for credential and information theft. The exposure is global, with the United States, Germany, and the Netherlands being the most affected countries. The primary attack vectors appear to target authentication services, including the main domain, careers portal, and identity provider login pages. Given the high volume of historical data breaches and the prevalence of infostealer malware targeting credentials, this situation poses a critical risk to AbbVie. The extensive compromise of employee and client data, coupled with the targeting of authentication services, suggests a high likelihood of further unauthorized access and potential financial or reputational damage. Remediation efforts should focus on immediate incident response to contain active infostealer threats, comprehensive credential hygiene for employees and clients, and a thorough review of authentication and access control mechanisms, particularly for exposed services like the careers portal and identity provider.

Total Events

90,883
credential exposure events

Employee Affected Events

83,859
account email domain = abbvie.com

Client Affected Events

7,024
service target = abbvie.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
40,00026,66713,3330
peak month 38,422
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events3,206
Share4%
Data breaches
Events87,677
Share97%
Infostealer logs (4%)
3,206events
Data breaches (97%)
87,677events

83,859 compromised employee accounts pose an infrastructure risk, while 7,024 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender45
Bitdefender3
Avira2
Windows Defender Avast Antivirus.1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,997
LummaC2331
Rhadamanthys171
Vidar82
Acreed72
RisePro32
StealC24
Remus7
X-Files5

Top Login URLs

Top exposed services found in the event results

  1. 1abbvie.com1,427
  2. 2https://careers.abbvie.com/abbvie/auth/1/register613
  3. 3careers.abbvie.com/abbvie/auth/1/register388
  4. 4careers.abbvie.com306
  5. 5https://careers.abbvie.com303
  6. 6https://idp.abbvie.com/Login.aspx138
  7. 7https://apps.abbvie.com/vpn/index.html117
  8. 8idp.abbvie.com/Login.aspx104
  9. 9https://filetransfer.abbvie.com/register97
  10. 10https://careers.abbvie.com/abbvie/auth/1/login97

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events613
Germany
Events416
Netherlands
Events407
Argentina
Events167
Denmark
Events154
India
Events98
Spain
Events80
Bangladesh
Events74

Country Breakdown

  1. 1United States613
  2. 2Germany416
  3. 3Netherlands407
  4. 4Argentina167
  5. 5Denmark154
  6. 6India98
  7. 7Spain80
  8. 8Bangladesh74

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft808
Citrix385
F5112
Pulse Secure20
Cisco (AnyConnect)15
Okta7
Salesforce7

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Pro (10.0.19045) x64216
Windows Server 2019 x32149
Windows 10 Home x32135
Windows 10 Enterprise x32133
Windows Server 2008 R2 x32128

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
42,777
Combolist pools
44,900
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.