Back

abm.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of employee and client data, with over 52,000 historical data breaches and over 2,800 active infostealer logs detected. The primary threat vector appears to be infostealer malware, with Redline being the most prevalent family, accounting for 63.8% of identified malware. The data suggests a broad impact across employee and client accounts, with a notable increase in employee-related events in September 2025 and January 2026, and client-related events peaking in September 2025 and June 2026. The presence of "Combolist sources" and "Database dumps" in leak repositories, alongside targeted services like "abm.com" and various Android applications, suggests a high risk of credential stuffing attacks and further data compromise. Given the high volume of data breaches and active infostealer logs, this situation warrants immediate attention. The focus should be on comprehensive credential hygiene, including mandatory password resets for all employees and clients, enhanced multi-factor authentication deployment, and thorough security awareness training. Investigating the root cause of the historical data breaches and the active infostealer infections is critical to preventing future occurrences. Prioritizing the remediation of vulnerabilities associated with the targeted services and operating systems, particularly older Windows Server versions, should be a key objective.

Total Events

55,265
credential exposure events

Employee Affected Events

52,166
account email domain = abm.com

Client Affected Events

3,099
service target = abm.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
20,00013,3336,6670
peak month 15,465
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,813
Share5%
Data breaches
Events52,452
Share95%
Infostealer logs (5%)
2,813events
Data breaches (95%)
52,452events

52,166 compromised employee accounts pose an infrastructure risk, while 3,099 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender13
Windows Defender [ON]1
Avira1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,795
LummaC2208
Rhadamanthys118
Vidar94
Acreed27
Remus18
RisePro12
Millenium8
StealC5

Top Login URLs

Top exposed services found in the event results

  1. 1abm.com840
  2. 2android://FSCDlm5BOVDTpVNoIcEZzPV0TNyRJXo8nPjnrn7G_M10-H7M0llkh9usnrQsWlvdExq4II3np2klFs6fOtpqyA==@com.abm.mainetskdclproduct/502
  3. 3android://zhzVHvtOOgX4xN1cYCBR7JsfZK0z9TkKRSJm1frkgU3qq-BIC-RX3wBaMwJyiitXFX2Iu60LtS7G8IB44zfIVw==@com.abm.leavemanagement/109
  4. 4android://WDhgyFK0Y933xqmie_MInwcbjqe4IH5-4Iw-FdpUOsnpp6vg-R_tMKXoUQRyH3I4qI76kTd5cesOpFahJ_sDaA==@com.abm.epsexam/70
  5. 5android://qq-wWMrqdVUYtsosNyIvjyjxgnYqtYZe0kmW8pgNNRcLjJ6KiXuYsqvDsyYH3y-SOfbW_LQuTe-y42y3XURcgQ==@com.abm.dreamkoreaubttest/65
  6. 6android://1xkRLvqxuEXuMw-jdDDWooPQINszg0flBp7GOPZ0Hb7540YBsgiXgoywkoR5rCYWRjGt5NGjXGcIJPrD5yxiRA==@com.abm.emunicipalitybihar/59
  7. 7android://-fJQzD4m8qkDPtcUsDAfOKgbaZMuB6vTB-LWqp_wT_v2DtjWoHpmVwSLAdNFx-S3Qr_70kwOLJuFbjUi9qieNA==@com.abm.smartkdmc/46
  8. 8android://2nh8cOY0EbXOulVPJEU5zvDQcdxujg1lobyrJH4NKJ_AgajsOSW9R149t-u5SkMtb0sGGSJq_et46gAsMQMi9w==@com.abm.topikexameps/43
  9. 9android://yp7PjQY0clzLTGsQ61MssdcYpg-TeBH0Ecwf9dvJ9gjIR3wHB4BJ00fT85wVHER-LaNKrlD07IvD7HdwiAcGcw==@com.abm.salik.adhikari/37
  10. 10payments.abm.com30

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events549
Netherlands
Events394
Germany
Events357
India
Events328
Denmark
Events185
Nepal
Events93
United Kingdom
Events46
France
Events35

Country Breakdown

  1. 1United States549
  2. 2Netherlands394
  3. 3Germany357
  4. 4India328
  5. 5Denmark185
  6. 6Nepal93
  7. 7United Kingdom46
  8. 8France35

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft171
Citrix114
Git27
Cisco (AnyConnect)26
FortiNet VPN20
Pulse Secure19
Intranet3

Operating System Distribution

Distribution of compromised endpoint builds

Windows Server 2003 R2 x32148
Windows Server 2008 R2 x32133
Windows 8.1 x32131
Windows 8 x32127
Windows 10 Home x32126

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
36,330
Combolist pools
16,122
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.