Back

costco.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting costco.com, with a total of 660,042 recorded events over the period from July 2025 to June 2026. The majority of these events, 571,535, are classified as historical data breaches, while 88,507 are active infostealer logs. The data suggests a widespread compromise affecting both employees (76,298) and clients (583,744). Key malware families involved include Rhadamanthys, Redline, and LummaC2, all known for credential theft. The exposure is heavily concentrated in the United States, with additional activity in Canada and Mexico. The primary source of leaked data appears to be combolist sources, accounting for 92.7% of the identified repository leaks.

Total Events

660,042
credential exposure events

Employee Affected Events

76,298
account email domain = costco.com

Client Affected Events

583,744
service target = costco.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
200,000133,33366,6670
peak month 155,596
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events88,507
Share13%
Data breaches
Events571,535
Share87%
Infostealer logs (13%)
88,507events
Data breaches (87%)
571,535events

76,298 compromised employee accounts pose an infrastructure risk, while 583,744 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender1,695
Windows Defender.87
Webroot SecureAnywhere57
Malwarebytes38
McAfee30
Windows Defender 电脑管家系统防护 腾讯电脑管家系统防护21
Avast Antivirus18
Windows Defender McAfee14
Windows Defender Norton Security12

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys13,005
Redline12,117
LummaC211,496
Acreed8,985
Vidar4,460
X-Files2,553
Millenium1,466
Blank Grabber699
StealC548

Top Login URLs

Top exposed services found in the event results

  1. 1costco.com40,558
  2. 2https://www.costco.com/LogonForm33,931
  3. 3https://costco.com26,312
  4. 4https://www.costco.com25,910
  5. 5https://signin.costco.com24,442
  6. 6signin.costco.com23,187
  7. 7costco.com/LogonForm20,030
  8. 8www.costco.com17,851
  9. 9www.costco.com/LogonForm14,731
  10. 10https://signin.costco.com/13,112

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events35,193
Canada
Events8,006
Mexico
Events1,072
India
Events956
Pakistan
Events531
Puerto Rico
Events526
Venezuela
Events514
Netherlands
Events504

Country Breakdown

  1. 1United States35,193
  2. 2Canada8,006
  3. 3Mexico1,072
  4. 4India956
  5. 5Pakistan531
  6. 6Puerto Rico526
  7. 7Venezuela514
  8. 8Netherlands504

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft619
Citrix55
Pulse Secure27
Git26
Cisco (AnyConnect)23
FortiNet VPN21
WordPress2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1111,885
Windows 11 24H2 build 26100 (64 Bit)7,201
Windows 10 Home x644,488
Windows 10 Enterprise x643,823
Windows 10 22H2 build 19045 (64 Bit)3,314

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
529,734
Combolist pools
41,801
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.