Back

att.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event for att.com, with over 54 million historical data breaches and over 227,000 active infostealer logs. The majority of the exposure, 99.6%, is attributed to historical data breaches, while 0.4% relates to active infostealer activity. The timeline shows a surge in client-related events in February 2026, coinciding with a decrease in employee-related events. Malware families like Redline, LummaC2, and Rhadamanthys are prevalent in the infostealer logs. Targeted services include various AT&T sign-in portals, suggesting potential credential compromise. The primary operating systems affected are Windows 11 and Windows 10 variants. The majority of the data breach volume originates from database dumps, with a smaller portion from combolist sources. The United States is the most represented geography.

Total Events

54,629,125
credential exposure events

Employee Affected Events

839,977
account email domain = att.com

Client Affected Events

53,789,148
service target = att.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
60,000,00040,000,00020,000,0000
peak month 52,248,569
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events227,486
Share0%
Data breaches
Events54,401,639
Share100%
Infostealer logs (0%)
227,486events
Data breaches (100%)
54,401,639events

839,977 compromised employee accounts pose an infrastructure risk, while 53,789,148 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender4,965
Avast Antivirus284
Windows Defender.275
Windows Defender Webroot SecureAnywhere128
Malwarebytes111
McAfee104
Windows Defender McAfee62
Windows Defender Malwarebytes58
Windows Defender McAfee VirusScan45

Malware Families Distribution

Distribution of Active Stealer Strains

Redline34,335
LummaC231,838
Rhadamanthys29,555
Acreed17,017
Vidar12,421
X-Files4,790
Millenium2,522
StealC2,432
RisePro2,335

Top Login URLs

Top exposed services found in the event results

  1. 1https://signin.att.com/dynamic/iamLRR/LrrController118,729
  2. 2att.com85,710
  3. 3signin.att.com/dynamic/iamLRR/LrrController65,376
  4. 4https://signin.att.com51,884
  5. 5https://www.att.com50,708
  6. 6https://att.com50,128
  7. 7signin.att.com47,926
  8. 8www.att.com33,480
  9. 9https://www.att.com/my/31,463
  10. 10signin.att.com/dynamic/iamlrr/lrrcontroller30,016

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events97,769
Mexico
Events16,704
India
Events2,538
Indonesia
Events1,934
Bangladesh
Events1,185
Philippines
Events1,169
Nigeria
Events1,085
Venezuela
Events1,075

Country Breakdown

  1. 1United States97,769
  2. 2Mexico16,704
  3. 3India2,538
  4. 4Indonesia1,934
  5. 5Bangladesh1,185
  6. 6Philippines1,169
  7. 7Nigeria1,085
  8. 8Venezuela1,075

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft553
Microsoft Entra ID (External ID / B2C)88
NetSuite56
Jira (Atlassian)51
Citrix43
WordPress42
FortiNet VPN36

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1123,046
Windows 11 24H2 build 26100 (64 Bit)16,424
Windows 10 Home x6413,046
Windows 10 Enterprise x6411,955
Windows 10 22H2 build 19045 (64 Bit)8,231

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
1,869,967
Combolist pools
52,531,672
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.