Back

dollargeneral.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain dollargeneral.com has experienced a significant number of data breach and infostealer events, totaling over 135,000 incidents within the reporting period. A substantial portion of these events, approximately 88%, are classified as historical data breaches, while the remaining 12% are active infostealer logs. The timeline indicates a notable surge in employee and client-related events in January 2026, with over 40,000 employee events and over 4,000 client events recorded in that month. Malware analysis reveals Redline, Rhadamanthys, and LummaC2 as the most prevalent families, suggesting a focus on credential harvesting and information theft. The data also indicates that 67.6% of leaks originate from combolist sources and 32.4% from database dumps, highlighting the risk of compromised credentials and large-scale data exfiltration.

Total Events

135,529
credential exposure events

Employee Affected Events

72,034
account email domain = dollargeneral.com

Client Affected Events

63,495
service target = dollargeneral.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
50,00033,33316,6670
peak month 40,508
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events16,354
Share12%
Data breaches
Events119,175
Share88%
Infostealer logs (12%)
16,354events
Data breaches (88%)
119,175events

72,034 compromised employee accounts pose an infrastructure risk, while 63,495 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender201
Malwarebytes27
Windows Defender McAfee11
Windows Defender McAfee VirusScan11
Windows Defender Kaspersky Total Security UltraAV6
Avast Norton4
Windows Defender Reason Cybersecurity2
Reason Cybersecurity1
Windows Defender Kaspersky.1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline3,327
Rhadamanthys2,414
LummaC22,209
Acreed1,153
Vidar827
X-Files191
Millenium149
RisePro113
StealC81

Top Login URLs

Top exposed services found in the event results

  1. 1android://VMHcD-gaFZD6gIO3c235BjqqZvYgo2BJAbH9qwWxaAR9ADjgrBOaKtzhw4YL2wLy_i2eXkezMkADEZauGg0rJA==@com.dollargeneral.android/5,790
  2. 2dollargeneral.com4,524
  3. 3https://www.dollargeneral.com/sign-in3,592
  4. 4https://coupons.dollargeneral.com/signin/3,129
  5. 5https://dollargeneral.com2,930
  6. 6https://www.dollargeneral.com2,707
  7. 7https://www.dollargeneral.com/1,951
  8. 8coupons.dollargeneral.com/signin/1,761
  9. 9www.dollargeneral.com1,744
  10. 10https://www.dollargeneral.com/customer/account/login/1,711

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events8,362
Germany
Events398
Netherlands
Events372
Denmark
Events168
Venezuela
Events157
France
Events64
United Kingdom
Events48
Pakistan
Events45

Country Breakdown

  1. 1United States8,362
  2. 2Germany398
  3. 3Netherlands372
  4. 4Denmark168
  5. 5Venezuela157
  6. 6France64
  7. 7United Kingdom48
  8. 8Pakistan45

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix57
Microsoft39
FortiNet VPN22
Pulse Secure18
Cisco (AnyConnect)17
Git16
Microsoft Entra ID (External ID / B2C)3

Operating System Distribution

Distribution of compromised endpoint builds

Windows 111,400
Windows 11 24H2 build 26100 (64 Bit)1,250
Windows 10 Home x64769
Windows 10 22H2 build 19045 (64 Bit)583
Windows 11 Home463

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
80,616
Combolist pools
38,559
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.