Back

ameritrade.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event for ameritrade.com, with a risk score of 100. The primary concern stems from 73,536 historical data breaches and 9,607 active infostealer logs observed between July 2025 and June 2026. These events disproportionately affect clients, with 69,515 client-related exposures, alongside 13,628 employee-related exposures. The data suggests a high likelihood of credential compromise, with "Combolist sources" accounting for 83.2% of leak repository classifications. Malware families such as Redline, Rhadamanthys, and LummaC2, commonly associated with credential theft, are prevalent. Given the critical nature of financial services and the high volume of client and employee data compromised, this incident warrants immediate attention. The focus should be on comprehensive credential reset campaigns for both clients and employees, enhanced monitoring for unauthorized access to financial accounts, and a thorough review of authentication and data protection mechanisms. The prevalence of infostealer malware targeting login services like invest.ameritrade.com underscores the need for robust endpoint security and user education to prevent further compromise.

Total Events

83,143
credential exposure events

Employee Affected Events

13,628
account email domain = ameritrade.com

Client Affected Events

69,515
service target = ameritrade.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
25,00016,6678,3330
peak month 20,873
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events9,607
Share12%
Data breaches
Events73,536
Share88%
Infostealer logs (12%)
9,607events
Data breaches (88%)
73,536events

13,628 compromised employee accounts pose an infrastructure risk, while 69,515 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender212
McAfee VirusScan25
Windows Defender McAfee24
Windows Defender.14
Avast Antivirus11
Windows Defender Kaspersky Total Security UltraAV9
Windows Defender Avast Antivirus.4
Windows Defender ESET Security ESET Security.4
AVG Antivirus4

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,534
Rhadamanthys1,295
LummaC21,024
Acreed657
Vidar328
X-Files265
Millenium114
RisePro106
Blank Grabber91

Top Login URLs

Top exposed services found in the event results

  1. 1https://invest.ameritrade.com/grid/p/login17,452
  2. 2invest.ameritrade.com/grid/p/login11,324
  3. 3https://invest.ameritrade.com9,521
  4. 4invest.ameritrade.com8,488
  5. 5https://invest.ameritrade.com/grid/p/site3,363
  6. 6https://invest.ameritrade.com/2,299
  7. 7invest.ameritrade.com/grid/p/site2,157
  8. 8invest.ameritrade.com/1,171
  9. 9https://invest.ameritrade.com/grid/p/forgotPassword1,151
  10. 10https://invest1.ameritrade.com/grid/p/login844

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events3,987
Taiwan
Events113
Colombia
Events93
Nigeria
Events87
Mexico
Events70
Canada
Events63
India
Events60
Indonesia
Events57

Country Breakdown

  1. 1United States3,987
  2. 2Taiwan113
  3. 3Colombia93
  4. 4Nigeria87
  5. 5Mexico70
  6. 6Canada63
  7. 7India60
  8. 8Indonesia57

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

TeamViewer4
Citrix3
Pulse Secure3

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11956
Windows 11 24H2 build 26100 (64 Bit)736
Windows 10 Enterprise x64719
Windows 10 Home x64658
Windows 10 22H2 build 19045 (64 Bit)396

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
61,156
Combolist pools
12,380
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.