Back

bancsabadell.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of client data, with 106,805 client records compromised, alongside 6,712 employee records. This exposure is primarily driven by historical data breaches (87.2%) and active infostealer logs (12.8%). The timeline shows a notable surge in employee and client compromises in January 2026, with subsequent spikes in March and April 2026. Malware families like Redline, LummaC2, and Acreed are frequently observed, suggesting active credential harvesting. The majority of exposed data originates from combolist sources (94.1%), indicating credential stuffing or reuse attacks. The primary geographic origin of the telemetry is Spain, with a smaller presence in Pakistan and the United Kingdom. Given the high volume of client and employee data compromised, coupled with the active presence of infostealers and the nature of the data sources (combolists), this incident poses a critical risk. The focus for remediation should be on immediate incident response to contain active infostealer threats, comprehensive credential hygiene for both employees and clients, and a thorough review of access controls and data protection mechanisms. Prioritizing the investigation into the January 2026 spike is crucial for understanding the initial compromise vector and preventing recurrence.

Total Events

113,517
credential exposure events

Employee Affected Events

6,712
account email domain = bancsabadell.com

Client Affected Events

106,805
service target = bancsabadell.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
40,00026,66713,3330
peak month 31,630
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events14,552
Share13%
Data breaches
Events98,965
Share87%
Infostealer logs (13%)
14,552events
Data breaches (87%)
98,965events

6,712 compromised employee accounts pose an infrastructure risk, while 106,805 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender345
Kaspersky105
Windows Defender ESET Security32
Windows Defender.19
Windows Defender McAfee VirusScan19
Windows Defender McAfee VirusScan Enterprise18
Windows Defender McAfee® McAfee10
Windows Defender McAfee5
Windows Defender Avast Antivirus4

Malware Families Distribution

Distribution of Active Stealer Strains

Redline2,575
LummaC22,436
Acreed1,479
Rhadamanthys1,364
Vidar669
RisePro249
StealC248
Millenium208
Blank Grabber112

Top Login URLs

Top exposed services found in the event results

  1. 1bancsabadell.com6,325
  2. 2https://bancsabadell.com4,658
  3. 3https://www.bancsabadell.com/cs/Satellite/SabAtl/4,160
  4. 4https://www.bancsabadell.com4,031
  5. 5https://www.bancsabadell.com/cs/Satellite/SabAtl/Empresas/1191332202619/es/3,363
  6. 6bancsabadell.com/cs/Satellite/SabAtl/2,718
  7. 7www.bancsabadell.com2,434
  8. 8bancsabadell.com/cs/Satellite/SabAtl/Empresas/1191332202619/es/2,088
  9. 9https://www.bancsabadell.com/bsnacional/es/particulares/login/1,832
  10. 10www.bancsabadell.com/cs/Satellite/SabAtl/1,808

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Spain
Events8,118
Pakistan
Events123
United Kingdom
Events67
United States
Events66
France
Events66
Germany
Events53
Egypt
Events31
Morocco
Events29

Country Breakdown

  1. 1Spain8,118
  2. 2Pakistan123
  3. 3United Kingdom67
  4. 4United States66
  5. 5France66
  6. 6Germany53
  7. 7Egypt31
  8. 8Morocco29

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix665
Extranet54
Pulse Secure38
Microsoft14
Zendesk2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 111,507
Windows 10 Enterprise x64875
Windows 11 24H2 build 26100 (64 Bit)620
Windows 10567
Windows 10 Pro551

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
93,136
Combolist pools
5,829
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.