Back

comenity.net Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain comenity.net has experienced a significant number of data breaches and infostealer events, totaling over 218,000 incidents within the reporting period. The majority of these events, approximately 81%, are categorized as historical data breaches, while 18.8% are active infostealer logs. The timeline indicates a notable increase in employee and client-related events, particularly in March and April of 2026. The primary malware families associated with these events include Rhadamanthys, Redline, and LummaC2, all of which are known for credential harvesting. Given the high volume of data breaches and the prevalence of infostealer malware targeting credentials, this exposure poses a critical risk. The affected entities include over 100 employees and more than 217,000 clients, with the United States being the most frequently observed geography. Remediation efforts should focus on enhancing credential security, implementing robust endpoint detection and response, and conducting thorough investigations into the root causes of the data breaches and infostealer infections.

Total Events

218,035
credential exposure events

Employee Affected Events

101
account email domain = comenity.net

Client Affected Events

217,934
service target = comenity.net

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
60,00040,00020,0000
peak month 54,380
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events40,901
Share19%
Data breaches
Events177,134
Share81%
Infostealer logs (19%)
40,901events
Data breaches (81%)
177,134events

101 compromised employee accounts pose an infrastructure risk, while 217,934 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender809
McAfee VirusScan52
Windows Defender.45
Windows Defender Advanced SystemCare Ultimate32
Avast Antivirus22
Windows Defender McAfee22
Webroot SecureAnywhere18
McAfee17
Avast Norton8

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys7,247
Redline4,984
LummaC24,940
Acreed2,738
Vidar1,985
X-Files1,134
Millenium481
Blank Grabber360
RisePro203

Top Login URLs

Top exposed services found in the event results

  1. 1https://d.comenity.net18,814
  2. 2d.comenity.net17,799
  3. 3https://d.comenity.net/as/authorization.oauth214,027
  4. 4c.comenity.net11,691
  5. 5https://c.comenity.net11,579
  6. 6https://c.comenity.net/as/authorization.oauth27,356
  7. 7d.comenity.net/as/authorization.oauth26,756
  8. 8https://d.comenity.net/5,755
  9. 9c.comenity.net/as/authorization.oauth23,697
  10. 10d.comenity.net/3,251

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events20,701
Indonesia
Events258
Mexico
Events215
Algeria
Events173
India
Events165
Philippines
Events159
Puerto Rico
Events157
Nigeria
Events145

Country Breakdown

  1. 1United States20,701
  2. 2Indonesia258
  3. 3Mexico215
  4. 4Algeria173
  5. 5India165
  6. 6Philippines159
  7. 7Puerto Rico157
  8. 8Nigeria145

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 24H2 build 26100 (64 Bit)4,387
Windows 114,268
Windows 10 Home x642,581
Windows 10 22H2 build 19045 (64 Bit)1,817
Windows 10 Enterprise x641,593

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
177,105
Combolist pools
29
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.