Back

adobe.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event affecting approximately 53.8 million clients and 95 thousand employees of adobe.com between July 2025 and June 2026. The primary driver of this exposure is historical data breaches, accounting for over 52.2 million events, with active infostealer logs contributing an additional 1.7 million. The most prevalent malware families observed are Redline, LummaC2, and Rhadamanthys, often associated with credential theft. The data suggests a broad geographical impact, with India, the United States, and Brazil showing the highest incidence. The targeted services primarily involve Adobe's authentication infrastructure, including auth.services.adobe.com and adobeid-na1.services.adobe.com. Given the scale of client and employee data involved and the prevalence of infostealer malware, this incident poses a high risk of identity theft, financial fraud, and further downstream attacks. The extensive historical data breaches suggest a long-term compromise that may have already led to the exfiltration of sensitive information. Remediation efforts should focus on immediate credential rotation for all affected employees and clients, enhanced monitoring of authentication services, and comprehensive security audits of systems handling client and employee data. The presence of multiple infostealer families necessitates a thorough investigation into the root cause of compromise and the implementation of robust endpoint detection and response capabilities.

Total Events

53,928,860
credential exposure events

Employee Affected Events

95,265
account email domain = adobe.com

Client Affected Events

53,833,595
service target = adobe.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
50,000,00033,333,33316,666,6670
peak month 43,720,607
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,721,507
Share3%
Data breaches
Events52,207,353
Share97%
Infostealer logs (3%)
1,721,507events
Data breaches (97%)
52,207,353events

95,265 compromised employee accounts pose an infrastructure risk, while 53,833,595 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender33,465
Windows Defender.1,476
Windows Defender McAfee529
McAfee VirusScan363
Windows Defender ESET Security324
McAfee222
Avast220
Malwarebytes211
Webroot SecureAnywhere197

Malware Families Distribution

Distribution of Active Stealer Strains

Redline298,186
LummaC2278,688
Rhadamanthys179,123
Vidar118,693
Acreed109,837
StealC34,669
RisePro34,035
Remus13,013
Millenium12,354

Top Login URLs

Top exposed services found in the event results

  1. 1auth.services.adobe.com983,160
  2. 2https://auth.services.adobe.com965,713
  3. 3https://auth.services.adobe.com/en_US/deeplink.html814,511
  4. 4https://auth.services.adobe.com/626,537
  5. 5https://auth.services.adobe.com/en_US/index.html567,251
  6. 6auth.services.adobe.com/en_US/deeplink.html440,416
  7. 7adobeid-na1.services.adobe.com411,123
  8. 8https://adobeid-na1.services.adobe.com400,261
  9. 9auth.services.adobe.com/354,034
  10. 10auth.services.adobe.com/en_US/index.html329,735

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events140,933
United States
Events78,053
Brazil
Events77,886
Egypt
Events42,108
Bangladesh
Events40,442
Indonesia
Events36,782
Pakistan
Events36,215
Mexico
Events33,019

Country Breakdown

  1. 1India140,933
  2. 2United States78,053
  3. 3Brazil77,886
  4. 4Egypt42,108
  5. 5Bangladesh40,442
  6. 6Indonesia36,782
  7. 7Pakistan36,215
  8. 8Mexico33,019

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Okta1,256
Microsoft120
Citrix105
Jira (Atlassian)63
WordPress38
Zendesk21
Git18

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11128,670
Windows 10 Enterprise x64127,059
Windows 11 24H2 build 26100 (64 Bit)79,943
Windows 10 Pro68,623
Windows 10 22H2 build 19045 (64 Bit)63,808

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
9,584,285
Combolist pools
42,623,068
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.