Back

airbnb.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting Airbnb, with over 584,000 total events recorded between July 2025 and June 2026. A substantial portion of these events, over 478,000, are classified as historical data breaches, and over 106,000 are identified as active infostealer logs. This suggests a widespread compromise affecting both client and employee data, with a notable spike in employee-related events in January 2026. The primary malware families observed are LummaC2, Acreed, and Redline, all known for credential harvesting and data exfiltration. The data originates predominantly from the United States, Brazil, and India, and the primary leak repository classification is "Combolist sources," indicating mass credential stuffing or reuse attacks.

Total Events

584,432
credential exposure events

Employee Affected Events

10,100
account email domain = airbnb.com

Client Affected Events

574,332
service target = airbnb.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
150,000100,00050,0000
peak month 138,553
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events106,147
Share18%
Data breaches
Events478,285
Share82%
Infostealer logs (18%)
106,147events
Data breaches (82%)
478,285events

10,100 compromised employee accounts pose an infrastructure risk, while 574,332 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender2,572
Windows Defender.258
Windows Defender McAfee149
Windows Defender Avast Antivirus66
Avast Antivirus40
McAfee37
Quick Heal Internet Security22
Windows Defender ESET Security21
Windows Defender 360 Total Security16

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC214,864
Acreed13,964
Redline13,580
Rhadamanthys10,500
Vidar6,642
Millenium1,714
StealC1,371
RisePro1,171
Remus1,154

Top Login URLs

Top exposed services found in the event results

  1. 1android://d83QBGRN5FhBqrie9nkVRQKFh_dZMVLeZcFA1YCOzX8r-4cr6BOfWRGV8XWnLIiUXQ7BuoC8P5hm1_XMRec8AQ==@com.airbnb.android/103,190
  2. 2airbnb.com45,469
  3. 3https://www.airbnb.com/36,074
  4. 4https://airbnb.com30,133
  5. 5https://www.airbnb.com30,083
  6. 6airbnb.com/20,413
  7. 7www.airbnb.com19,347
  8. 8https://www.airbnb.com/login17,072
  9. 9www.airbnb.com/14,294
  10. 10airbnb.com/login10,669

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events10,068
Brazil
Events4,162
India
Events3,651
Philippines
Events3,469
Spain
Events3,015
France
Events2,588
Malaysia
Events1,999
Mexico
Events1,996

Country Breakdown

  1. 1United States10,068
  2. 2Brazil4,162
  3. 3India3,651
  4. 4Philippines3,469
  5. 5Spain3,015
  6. 6France2,588
  7. 7Malaysia1,999
  8. 8Mexico1,996

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

OneLogin39
Zendesk7
Salesforce7
Citrix5
Microsoft Entra ID (External ID / B2C)5
WordPress2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1113,301
Windows 10 Enterprise x645,339
Windows 11 24H2 build 26100 (64 Bit)4,886
Windows 104,843
Windows 10 22H2 build 19045 (64 Bit)4,130

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
468,261
Combolist pools
10,024
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.