Back

devonenergy.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting Devon Energy, with 3,339 historical data breaches and 24 active infostealer logs observed over the reporting period. The majority of these events, 92.1%, are linked to database dumps, with an additional 7.9% originating from combolist sources. Malware families such as Blank Grabber, Vidar, and Redline were detected, primarily targeting Windows operating systems. The exposure is heavily concentrated around the careers portal, specifically job listings and talent community subscription pages, suggesting a potential compromise of recruitment-related data or systems. A notable surge in employee-related events occurred in January 2026, coinciding with a large number of client-related events in March 2026, indicating a potential escalation or widespread impact during these periods. Given the high volume of historical data breaches and active infostealer logs, this situation presents a critical risk. The concentration of events on the careers portal suggests that sensitive employee and potentially client information related to recruitment processes may be compromised. Prioritization should focus on investigating the database dumps and combolist sources to understand the full scope of compromised data, assessing the impact on the careers portal and associated systems, and implementing immediate remediation to secure these assets and prevent further data exfiltration. The presence of infostealer malware necessitates a thorough endpoint and network scan to detect and remove any active infections.

Total Events

3,363
credential exposure events

Employee Affected Events

3,075
account email domain = devonenergy.com

Client Affected Events

288
service target = devonenergy.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
4,0002,6671,3330
peak month 3,069
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events24
Share1%
Data breaches
Events3,339
Share99%
Infostealer logs (1%)
24events
Data breaches (99%)
3,339events

3,075 compromised employee accounts pose an infrastructure risk, while 288 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

No Data Available

Malware Families Distribution

Distribution of Active Stealer Strains

Blank Grabber6
Vidar5
Redline4
LummaC23
Acreed1

Top Login URLs

Top exposed services found in the event results

  1. 1careers.devonenergy.com35
  2. 2https://careers.devonenergy.com34
  3. 3https://careers.devonenergy.com/job/Oklahoma-City-Data-Scientist-OK-73101/270389300/12
  4. 4careers.devonenergy.com/talentcommunity/subscribe7
  5. 5careers.devonenergy.com/talentcommunity/subscribe/6
  6. 6https://careers.devonenergy.com/talentcommunity/subscribe6
  7. 7https://careers.devonenergy.com/talentcommunity/subscribe/5
  8. 8careers.devonenergy.com/job/Oklahoma-City-Geologist-OK-73101/494850500/5
  9. 9careers.devonenergy.com/job/Oklahoma-City-Geologist-OK-73101/4948505004
  10. 10careers.devonenergy.com/job/Bonnyville-Operations-Engineer-AB/503886700/4

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Canada
Events3
India
Events3
Argentina
Events2
Brazil
Events2
Morocco
Events1
United States
Events1
Egypt
Events1
Iraq
Events1

Country Breakdown

  1. 1Canada3
  2. 2India3
  3. 3Argentina2
  4. 4Brazil2
  5. 5Morocco1
  6. 6United States1
  7. 7Egypt1
  8. 8Iraq1

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Microsoft Windows Server 2022 Standard6
Windows 11 Home Single Language3
Windows 10 (10.0.19045)3
Windows 10 Enterprise x642
10.0.20348 N/A Build 203482

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
265
Combolist pools
3,074
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.