Back

centerpointenergy.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting centerpointenergy.com, with 73,169 historical data breaches and 8,422 active infostealer logs observed over the reporting period. The majority of the data breaches are attributed to combolist sources (61,496 instances), suggesting credential stuffing or similar attacks. Active infostealer activity is dominated by Redline (2,523 instances), Rhadamanthys (1,257 instances), and LummaC2 (1,016 instances), which are known to exfiltrate credentials and sensitive information. Targeted services include authentication endpoints like extssso.centerpointenergy.com and myaccount.centerpointenergy.com, indicating a potential focus on compromising user accounts. The timeline shows a surge in employee and client-related events in September 2025 and January 2026, correlating with increased infostealer activity. Given the high volume of data breaches and active infostealer logs, coupled with the targeting of authentication services, this incident poses a critical risk to the organization. The prevalence of combolist sources suggests a broad attack surface for credential compromise. Remediation efforts should prioritize strengthening authentication mechanisms, such as implementing multi-factor authentication across all services, and enhancing monitoring for infostealer activity and anomalous login patterns. A thorough investigation into the root cause of the data breaches and the extent of credential compromise is also recommended.

Total Events

81,591
credential exposure events

Employee Affected Events

43,665
account email domain = centerpointenergy.com

Client Affected Events

37,926
service target = centerpointenergy.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
15,00010,0005,0000
peak month 12,413
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events8,422
Share10%
Data breaches
Events73,169
Share90%
Infostealer logs (10%)
8,422events
Data breaches (90%)
73,169events

43,665 compromised employee accounts pose an infrastructure risk, while 37,926 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender63
Avast Norton12
Bitdefender1
Unknown1
Kaspersky1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline2,523
Rhadamanthys1,257
LummaC21,016
Acreed548
Vidar293
X-Files242
Millenium78
Remus39
Raccoon19

Top Login URLs

Top exposed services found in the event results

  1. 1https://extsso.centerpointenergy.com/auth/module.php/core/loginuserpass.php3,536
  2. 2extsso.centerpointenergy.com/auth/module.php/core/loginuserpass.php2,530
  3. 3https://extsso.centerpointenergy.com2,136
  4. 4extsso.centerpointenergy.com2,066
  5. 5https://login.centerpointenergy.com/cnpcwecafprod.onmicrosoft.com/b2c_1a_signuporsignin/oauth2/v2.0/authorize1,954
  6. 6https://myaccount.centerpointenergy.com1,762
  7. 7myaccount.centerpointenergy.com1,586
  8. 8https://myaccount.centerpointenergy.com/Login/SignInSiteminder.aspx1,448
  9. 9centerpointenergy.com941
  10. 10login.centerpointenergy.com/cnpcwecafprod.onmicrosoft.com/b2c_1a_signuporsignin/oauth2/v2.0/authorize938

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events4,138
Netherlands
Events419
Germany
Events374
Denmark
Events176
Indonesia
Events60
Pakistan
Events50
United Kingdom
Events41
Canada
Events35

Country Breakdown

  1. 1United States4,138
  2. 2Netherlands419
  3. 3Germany374
  4. 4Denmark176
  5. 5Indonesia60
  6. 6Pakistan50
  7. 7United Kingdom41
  8. 8Canada35

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix44
Pulse Secure37
Microsoft32
FortiNet VPN22
Cisco (AnyConnect)18
Git4

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11873
Windows 11 24H2 build 26100 (64 Bit)755
Windows 10 Home x64436
Windows 10 22H2 build 19045 (64 Bit)370
Windows 10219

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
61,496
Combolist pools
11,673
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.