Back

aig.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting aig.com, with 116,765 historical data breaches and 5,427 active infostealer logs observed between July 2025 and June 2026. The majority of these events are linked to historical data breaches, accounting for 95.6% of the total. Infostealer activity, comprising 4.4% of events, is primarily associated with the Redline malware family, followed by Rhadamanthys and LummaC2. The data suggests a broad impact, with employee and client data being compromised, and a notable concentration of activity originating from Mexico and the United States. The presence of "Combolist sources" and "Database dumps" in leak repositories further suggests credential stuffing and large-scale data exfiltration as potential attack vectors.

Total Events

122,192
credential exposure events

Employee Affected Events

106,048
account email domain = aig.com

Client Affected Events

16,144
service target = aig.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
60,00040,00020,0000
peak month 51,821
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events5,427
Share4%
Data breaches
Events116,765
Share96%
Infostealer logs (4%)
5,427events
Data breaches (96%)
116,765events

106,048 compromised employee accounts pose an infrastructure risk, while 16,144 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender82
Windows Defender McAfee VirusScan4
Windows Defender [ON]3
Windows Defender Webroot SecureAnywhere3

Malware Families Distribution

Distribution of Active Stealer Strains

Redline3,466
Rhadamanthys344
LummaC2319
Acreed155
Vidar86
X-Files48
StealC31
Millenium27
RisePro15

Top Login URLs

Top exposed services found in the event results

  1. 1aig.com2,959
  2. 2https://www-3.aig.com/larlogin/login/lar/jsp/lar_login_pt_BR.jsp266
  3. 3https://live.cloud.api.aig.com258
  4. 4https://live.cloud.api.aig.com/life/connext-consumer-portal/public/login239
  5. 5live.cloud.api.aig.com191
  6. 6https://auth1.customerpltfm.aig.com/oauth2/aus187xvth5kQKY1t5d7/v1/authorize188
  7. 7https://securemail2.aig.com/formpostdir/safeformpost.aspx161
  8. 8https://live.cloud.api.aig.com/life/connext-security/public/login158
  9. 9https://live.cloud.api.aig.com/life/connext-portal/public/registeruser154
  10. 10https://www-115.aig.com151

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Mexico
Events1,448
United States
Events1,107
Netherlands
Events433
Germany
Events353
Brazil
Events169
Denmark
Events163
India
Events136
Malaysia
Events85

Country Breakdown

  1. 1Mexico1,448
  2. 2United States1,107
  3. 3Netherlands433
  4. 4Germany353
  5. 5Brazil169
  6. 6Denmark163
  7. 7India136
  8. 8Malaysia85

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft Entra ID (External ID / B2C)734
Citrix277
Okta193
Microsoft118
Pulse Secure56
Git35
FortiNet VPN13

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 Home x641,407
Windows 11255
Windows 11 24H2 build 26100 (64 Bit)198
Windows Server 2012 x32152
Windows 7 x32131

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
54,383
Combolist pools
62,382
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.