Back

coca-cola.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting Coca-Cola, with over 173,000 historical data breaches and 18,000 infostealer logs detected within the reporting period. The majority of these events are attributed to combolist sources and database dumps, suggesting compromised credentials. Malware families such as Redline, LummaC2, and Rhadamanthys are prevalent, targeting services like login.latam.coca-cola.com and register.coca-cola.com, with Brazil and the United States showing the highest geographical concentration of affected systems. The high volume of data breaches and infostealer activity, coupled with the prevalence of credential-harvesting malware, presents a critical risk. The focus should be on immediate credential rotation for affected employee and client accounts, particularly those associated with the identified Latin American and US login services. A thorough investigation into the root cause of the database dumps and combolist exposures is paramount to prevent recurrence and further compromise.

Total Events

191,191
credential exposure events

Employee Affected Events

70,338
account email domain = coca-cola.com

Client Affected Events

120,853
service target = coca-cola.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
30,00020,00010,0000
peak month 28,927
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events18,121
Share10%
Data breaches
Events173,070
Share91%
Infostealer logs (10%)
18,121events
Data breaches (91%)
173,070events

70,338 compromised employee accounts pose an infrastructure risk, while 120,853 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender127
Malwarebytes16
Windows Defender [ON]5
Kaspersky2
Windows Defender Kaspersky Total Security Panda Dome1
Bitdefender1
Windows Defender Kaspersky Security Cloud1
KINGSOFT Internet Security リアルタイムガード1
Windows Defender Panda Dome1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline5,002
LummaC22,714
Rhadamanthys1,972
Acreed1,414
Vidar940
StealC309
Millenium147
X-Files122
RisePro104

Top Login URLs

Top exposed services found in the event results

  1. 1https://login.latam.coca-cola.com/c206a032-1abd-4f16-abec-5634d45d70eb/B2C_1A_signup_signin_BR_V1_HUB/api/CombinedSigninAndSignup/unified5,907
  2. 2login.latam.coca-cola.com5,672
  3. 3https://login.latam.coca-cola.com5,477
  4. 4coca-cola.com4,366
  5. 5https://login.latam.coca-cola.com/c206a032-1abd-4f16-abec-5634d45d70eb/B2C_1A_signup_signin_Generic/api/CombinedSigninAndSignup/unified3,994
  6. 6login.latam.coca-cola.com/c206a032-1abd-4f16-abec-5634d45d70eb/B2C_1A_signup_signin_BR_V1_HUB/api/CombinedSigninAndSignup/unified3,420
  7. 7https://register.coca-cola.com3,356
  8. 8register.coca-cola.com3,237
  9. 9us.coca-cola.com2,723
  10. 10https://us.coca-cola.com2,415

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Brazil
Events3,199
United States
Events1,981
Mexico
Events1,405
Germany
Events512
Argentina
Events449
Netherlands
Events420
France
Events402

Country Breakdown

  1. 1Brazil3,199
  2. 2United States1,981
  3. 3Mexico1,405
  4. 4Germany512
  5. 5Argentina449
  6. 6Netherlands420
  7. 7France402
  8. 8Serbia301

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft393
Cisco (AnyConnect)249
Citrix61
Git16
Pulse Secure11
Zendesk5
FortiNet VPN4

Operating System Distribution

Distribution of compromised endpoint builds

Windows 111,436
Windows 10 Enterprise x641,380
Windows 10 22H2 build 19045 (64 Bit)916
Windows 10758
Windows 10 Home x64753

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
142,316
Combolist pools
30,754
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.