Back

apache.org Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting the apache.org domain, with 7,427 total events observed between July 2025 and June 2026. The majority of these events, 83.5%, are classified as historical data breaches, affecting 6,202 entities, while 16.5% are active infostealer logs, impacting 1,225 entities. The timeline shows a notable surge in employee-related events in January 2026, with 646 instances, and a substantial increase in client-related events in March 2026, with 1,827 instances. Malware families such as Redline, LummaC2, and Rhadamanthys are prevalent, suggesting credential harvesting and data exfiltration. The primary targeted services are related to Jira and Confluence, indicating potential compromise of development and collaboration platforms. Geographically, India, the United States, and Pakistan show the highest number of affected entities. The leak repository classification reveals a large volume of data originating from combolist sources and database dumps.

Total Events

7,427
credential exposure events

Employee Affected Events

1,150
account email domain = apache.org

Client Affected Events

6,277
service target = apache.org

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
2,0001,3336670
peak month 1,827
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,225
Share17%
Data breaches
Events6,202
Share84%
Infostealer logs (17%)
1,225events
Data breaches (84%)
6,202events

1,150 compromised employee accounts pose an infrastructure risk, while 6,277 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender17
Windows Defender ESET Security1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline193
LummaC2149
Rhadamanthys98
Vidar89
Acreed71
StealC21
Cthulhu17
Raccoon12
Remus6

Top Login URLs

Top exposed services found in the event results

  1. 1https://issues.apache.org/jira/secure/Signup!default.jspa377
  2. 2https://issues.apache.org328
  3. 3issues.apache.org278
  4. 4https://cwiki.apache.org/confluence/signup.action250
  5. 5issues.apache.org/jira/secure/Signup!default.jspa234
  6. 6https://bz.apache.org/bugzilla/token.cgi201
  7. 7https://issues.apache.org/jira/secure/signup!default.jspa176
  8. 8https://cwiki.apache.org175
  9. 9https://cwiki.apache.org/confluence/dosignup.action161
  10. 10cwiki.apache.org/confluence/signup.action153

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events121
United States
Events71
Pakistan
Events31
China
Events31
Saudi Arabia
Events28
Bangladesh
Events23
Mexico
Events20
Brazil
Events18

Country Breakdown

  1. 1India121
  2. 2United States71
  3. 3Pakistan31
  4. 4China31
  5. 5Saudi Arabia28
  6. 6Bangladesh23
  7. 7Mexico20
  8. 8Brazil18

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Jira (Atlassian)1,673
FortiNet VPN4
GitLab2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11132
Windows 10 Enterprise x64105
Windows 10 Home (10.0.19045) x6443
Windows 10 Home x6442
Windows 10 22H2 build 19045 (64 Bit)40

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
5,258
Combolist pools
944
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.