Back

cdw.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain cdw.com has experienced a significant number of data breach events, totaling 92,099, which constitutes 95.3% of all observed events during the reporting period. Additionally, there were 4,539 infostealer events, representing 4.7% of the total. The timeline indicates a surge in employee and client-related events, particularly in September 2025 and January 2026, suggesting potential compromise of user credentials or sensitive information. Malware families such as Redline, Rhadamanthys, and LummaC2 were prevalent, often associated with infostealer activities. Given the high volume of data breaches and the presence of infostealer malware targeting user credentials and potentially sensitive data, this exposure presents a critical risk. The prevalence of Redline infostealer, which is known for exfiltrating browser credentials and cryptocurrency wallets, is a major concern. Remediation efforts should focus on immediate credential hygiene, including widespread password resets and multi-factor authentication enforcement for all employee and client accounts. Investigating the root cause of the data breaches and infostealer infections, particularly those impacting login pages for cdw.com, is paramount. Enhanced monitoring for anomalous login activity and data exfiltration is also recommended.

Total Events

96,638
credential exposure events

Employee Affected Events

75,174
account email domain = cdw.com

Client Affected Events

21,464
service target = cdw.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
40,00026,66713,3330
peak month 34,164
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events4,539
Share5%
Data breaches
Events92,099
Share95%
Infostealer logs (5%)
4,539events
Data breaches (95%)
92,099events

75,174 compromised employee accounts pose an infrastructure risk, while 21,464 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender35
Windows Defender Kaspersky.3
Bitdefender2
Avast AVG1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline2,153
Rhadamanthys396
LummaC2369
Acreed227
Vidar150
X-Files37
Millenium36
Remus33
RisePro32

Top Login URLs

Top exposed services found in the event results

  1. 1cdw.com3,188
  2. 2https://cdw.com1,514
  3. 3https://www.cdw.com1,405
  4. 4https://www.cdw.com/accountcenter/logon/newaccount1,004
  5. 5www.cdw.com964
  6. 6cdw.com/accountcenter/logon/newaccount692
  7. 7https://www.cdw.com/accountcenter/LogOn593
  8. 8www.cdw.com/accountcenter/logon/newaccount484
  9. 9https://www.cdw.com/account/logon/newaccount462
  10. 10https://www.cdw.com/415

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events1,459
Netherlands
Events410
Germany
Events364
Denmark
Events180
Canada
Events133
United Kingdom
Events97
India
Events54
Pakistan
Events52

Country Breakdown

  1. 1United States1,459
  2. 2Netherlands410
  3. 3Germany364
  4. 4Denmark180
  5. 5Canada133
  6. 6United Kingdom97
  7. 7India54
  8. 8Pakistan52

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft281
Citrix126
Git32
Cisco (AnyConnect)28
FortiNet VPN23
Okta12
Pulse Secure9

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11306
Windows 10 Enterprise x64196
Windows 10 Home x64173
Windows 11 24H2 build 26100 (64 Bit)168
Windows Server 2012 x32138

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
55,914
Combolist pools
36,185
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.