Back

concentrix.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting Concentrix, with over 208,000 historical data breaches and 40,000 active infostealer logs detected between July 2025 and June 2026. The majority of these events are linked to compromised credentials found in combolist sources and database dumps, affecting a substantial number of employees and clients. Malware families such as LummaC2, Rhadamanthys, and Redline are prevalent, targeting services like ADFS and assessment portals, primarily on Windows operating systems. Geographically, the Philippines, India, and Egypt show the highest incidence of these events.

Total Events

249,350
credential exposure events

Employee Affected Events

159,684
account email domain = concentrix.com

Client Affected Events

89,666
service target = concentrix.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
40,00026,66713,3330
peak month 30,681
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events40,718
Share16%
Data breaches
Events208,632
Share84%
Infostealer logs (16%)
40,718events
Data breaches (84%)
208,632events

159,684 compromised employee accounts pose an infrastructure risk, while 89,666 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender489
Norton Security30
Windows Defender.26
Avast17
Windows Defender McAfee.13
None12
Windows Defender ESET Security10
Malwarebytes8
Windows Defender [ON]6

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC27,076
Rhadamanthys5,042
Redline4,862
Vidar3,078
Acreed2,344
RisePro729
StealC673
Remus420
Millenium367

Top Login URLs

Top exposed services found in the event results

  1. 1https://adfs.concentrix.com/adfs/ls/10,322
  2. 2https://adfs.concentrix.com/8,932
  3. 3https://assessments.concentrix.com/login/index.php8,445
  4. 4adfs.concentrix.com8,402
  5. 5https://adfs.concentrix.com7,744
  6. 6https://adfs.concentrix.com/adfs/ls/IDPInitiatedSignon.aspx6,706
  7. 7adfs.concentrix.com/adfs/ls/6,262
  8. 8adfs.concentrix.com/5,478
  9. 9assessments.concentrix.com/login/index.php5,459
  10. 10adfs.concentrix.com/adfs/ls/IDPInitiatedSignon.aspx4,197

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Philippines
Events11,699
India
Events3,452
Egypt
Events2,012
United States
Events1,828
Canada
Events614
Colombia
Events511
Brazil
Events456
Malaysia
Events393

Country Breakdown

  1. 1Philippines11,699
  2. 2India3,452
  3. 3Egypt2,012
  4. 4United States1,828
  5. 5Canada614
  6. 6Colombia511
  7. 7Brazil456
  8. 8Malaysia393

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft82,498
Cisco (AnyConnect)1,812
Zendesk480
WordPress463
Salesforce155
F595
Okta45

Operating System Distribution

Distribution of compromised endpoint builds

Windows 112,700
Windows 10 22H2 build 19045 (64 Bit)2,479
Windows 10 Enterprise x642,052
Windows 11 24H2 build 26100 (64 Bit)1,806
Windows 10 Pro (10.0.19045) x641,594

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
188,583
Combolist pools
20,049
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.