Back

bakerhughes.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of employee and client data, with 65,904 historical data breaches and 3,451 active infostealer logs observed over the reporting period. The primary threat vectors appear to be infostealers like Redline, LummaC2, and Rhadamanthys, which are often used to exfiltrate credentials and sensitive information. The data breaches are predominantly sourced from combolist and database dump repositories, suggesting compromised credentials or leaked user data are being exploited. The targeted services include critical authentication portals like myid.bakerhughes.com and mail.bakerhughes.com, indicating a high risk of account takeover and further compromise. Given the high volume of data breaches and active infostealer activity targeting employee and client credentials, this situation presents a critical risk. The prevalence of Redline infostealer, known for stealing browser credentials and cryptocurrency wallets, is particularly concerning. Remediation efforts should focus on immediate credential rotation for all affected employees and clients, enhanced multi-factor authentication deployment, and thorough security audits of the identified targeted services. Investigating the source of the data breaches and infostealer infections is paramount to preventing future occurrences.

Total Events

69,355
credential exposure events

Employee Affected Events

60,867
account email domain = bakerhughes.com

Client Affected Events

8,488
service target = bakerhughes.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
25,00016,6678,3330
peak month 23,638
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events3,451
Share5%
Data breaches
Events65,904
Share95%
Infostealer logs (5%)
3,451events
Data breaches (95%)
65,904events

60,867 compromised employee accounts pose an infrastructure risk, while 8,488 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender30
Windows Defender.3
Avast1
Malwarebytes1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,893
LummaC2257
Rhadamanthys214
Acreed196
Vidar75
Millenium54
RisePro44
StealC42
Remus37

Top Login URLs

Top exposed services found in the event results

  1. 1bakerhughes.com1,185
  2. 2https://myid.bakerhughes.com/450
  3. 3https://myid.bakerhughes.com411
  4. 4https://myid.bakerhughes.com/login/login.htm400
  5. 5myid.bakerhughes.com394
  6. 6myid.bakerhughes.com/239
  7. 7myid.bakerhughes.com/login/login.htm225
  8. 8https://myid.bakerhughes.com/login/default170
  9. 9https://mail.bakerhughes.com/my.policy161
  10. 10https://webapps.bakerhughes.com/my.policy121

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events465
Netherlands
Events405
Germany
Events366
Denmark
Events161
Colombia
Events140
Algeria
Events101
United Kingdom
Events94
Brazil
Events92

Country Breakdown

  1. 1United States465
  2. 2Netherlands405
  3. 3Germany366
  4. 4Denmark161
  5. 5Colombia140
  6. 6Algeria101
  7. 7United Kingdom94
  8. 8Brazil92

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

F5926
Microsoft728
Microsoft Entra ID (External ID / B2C)40
Citrix31
Cisco (AnyConnect)25
Pulse Secure15
Git14

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11180
Windows 10 22H2 build 19045 (64 Bit)143
Windows 10 Home x32143
Windows Server 2008 R2 x32132
Windows 10 Enterprise x32128

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
39,336
Combolist pools
26,568
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.