Back

columbia.edu Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain columbia.edu has experienced a significant number of historical data breaches, totaling 196,714 events, which represent 93% of all recorded events. Additionally, there are 14,725 active infostealer logs, accounting for 7% of events. The timeline indicates a surge in employee and client-related events in September 2025, with substantial numbers also observed in January and June 2026 for employees, and August 2025 and March 2026 for clients. Malware families such as LummaC2, X-Files, and Rhadamanthys are prevalent, and targeted services include the main columbia.edu domain and its authentication portals, alongside application portals for admissions and specific schools. Leak repositories show a high volume of combolist sources and database dumps.

Total Events

211,439
credential exposure events

Employee Affected Events

153,611
account email domain = columbia.edu

Client Affected Events

57,828
service target = columbia.edu

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
40,00026,66713,3330
peak month 37,698
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events14,725
Share7%
Data breaches
Events196,714
Share93%
Infostealer logs (7%)
14,725events
Data breaches (93%)
196,714events

153,611 compromised employee accounts pose an infrastructure risk, while 57,828 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender212
Avira Security3
Avast3
Windows Defender.1
Kaspersky1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC21,600
X-Files1,549
Rhadamanthys1,421
Acreed1,364
Redline1,240
Vidar1,013
Millenium189
Remus121
StealC111

Top Login URLs

Top exposed services found in the event results

  1. 1columbia.edu14,905
  2. 2https://cas.columbia.edu/cas/login1,379
  3. 3tc.columbia.edu1,372
  4. 4https://apply.college.columbia.edu/account/password1,023
  5. 5https://apply.college.columbia.edu/account/login860
  6. 6cas.columbia.edu/cas/login802
  7. 7https://apply.sps.columbia.edu/account/password722
  8. 8https://apply.engineering.columbia.edu/account/password677
  9. 9apply.college.columbia.edu/account/password550
  10. 10https://cas.columbia.edu509

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events3,701
India
Events666
Spain
Events478
Mexico
Events393
Pakistan
Events202
Ghana
Events164
United Kingdom
Events145
Guatemala
Events142

Country Breakdown

  1. 1United States3,701
  2. 2India666
  3. 3Spain478
  4. 4Mexico393
  5. 5Pakistan202
  6. 6Ghana164
  7. 7United Kingdom145
  8. 8Guatemala142

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft270
Cisco (AnyConnect)108
WordPress72
Git63
Auth030
Microsoft Entra ID (External ID / B2C)17
Citrix13

Operating System Distribution

Distribution of compromised endpoint builds

Windows 113,100
Windows 10 22H2 build 19045 (64 Bit)690
Windows 10 Home x64677
Windows 11 Pro622
Windows 10516

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
113,405
Combolist pools
83,309
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.