Back

deutsche-bank.de Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event affecting Deutsche Bank, with a high risk score of 96. The primary concern stems from a large volume of historical data breaches (17,701 events) and active infostealer logs (3,798 events) observed between July 2025 and June 2026. These events predominantly impacted clients (20,561) and employees (938), suggesting potential credential compromise and unauthorized access. The data breach events are largely attributed to "Combolist sources" (95.5%), indicating a reliance on previously compromised credential lists. Malware families like LummaC2 and Redline were frequently observed, commonly associated with credential theft. The timeline shows a notable spike in employee-related events in January 2026, coinciding with a broader increase in client-related activity. The targeted services are primarily related to Deutsche Bank's online banking portal, meine.deutsche-bank.de, indicating that attackers are likely attempting to gain access to customer and employee accounts through these compromised credentials. The high risk score and the nature of the observed events, particularly the prevalence of infostealers and data breaches linked to credential stuffing and account takeover attempts, necessitate immediate attention. The focus should be on strengthening authentication mechanisms, such as implementing multi-factor authentication across all services, especially for the "meine.deutsche-bank.de" portal. A thorough review of access logs for the affected period is crucial to identify any unauthorized access or data exfiltration. Furthermore, proactive credential hygiene measures for both employees and clients, including regular password resets and user education on phishing and credential security, should be prioritized to mitigate the risk of future compromise.

Total Events

21,499
credential exposure events

Employee Affected Events

938
account email domain = deutsche-bank.de

Client Affected Events

20,561
service target = deutsche-bank.de

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
5,0003,3331,6670
peak month 4,946
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events3,798
Share18%
Data breaches
Events17,701
Share82%
Infostealer logs (18%)
3,798events
Data breaches (82%)
17,701events

938 compromised employee accounts pose an infrastructure risk, while 20,561 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender49
Fortinet5
Avast3
Windows Defender.1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC2693
Redline573
Acreed422
Rhadamanthys377
Vidar208
RisePro66
Raccoon65
Remus41
StealC37

Top Login URLs

Top exposed services found in the event results

  1. 1https://meine.deutsche-bank.de/trxm/db/3,667
  2. 2https://meine.deutsche-bank.de2,351
  3. 3meine.deutsche-bank.de/trxm/db/1,971
  4. 4meine.deutsche-bank.de1,826
  5. 5https://meine.deutsche-bank.de/trxm/db/init.do1,152
  6. 6https://meine.deutsche-bank.de/1,123
  7. 7https://meine.deutsche-bank.de/trxm/db628
  8. 8meine.deutsche-bank.de/trxm/db583
  9. 9meine.deutsche-bank.de/565
  10. 10meine.deutsche-bank.de/trxm/db/init.do548

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Germany
Events1,764
Morocco
Events68
United States
Events54
Egypt
Events49
United Kingdom
Events45
Romania
Events34
Türkiye
Events26
France
Events21

Country Breakdown

  1. 1Germany1,764
  2. 2Morocco68
  3. 3United States54
  4. 4Egypt49
  5. 5United Kingdom45
  6. 6Romania34
  7. 7Türkiye26
  8. 8France21

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11474
Windows 10 Enterprise x64287
Windows 11 24H2 build 26100 (64 Bit)171
Windows 10 22H2 build 19045 (64 Bit)118
Windows 10 Pro (10.0.19045) x64103

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
16,898
Combolist pools
803
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.