Back

dominionenergy.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain dominionenergy.com has experienced a significant number of data breaches, totaling 75,868 events, which represent 88.5% of all recorded events during the reporting period. Additionally, there were 9,898 infostealer events, accounting for 11.5% of the total. The timeline indicates a surge in employee and client-related events in September 2025 and January 2026, with a notable increase in client events in March and June 2026. The most prevalent malware families observed are Redline, Rhadamanthys, and LummaC2, often associated with infostealer activities. The primary sources of leaked data appear to be combolist sources and database dumps. Given the high volume of data breaches and the presence of infostealer malware targeting credentials, this exposure poses a critical risk to Dominion Energy. The prevalence of Redline and Rhadamanthys suggests a focus on harvesting sensitive information such as login credentials and financial data. Remediation efforts should prioritize securing authentication mechanisms, particularly those related to the targeted services like mydom.dominionenergy.com and login.dominionenergy.com, and enhancing defenses against infostealer malware. A thorough investigation into the root causes of the data breaches and the effectiveness of current data protection measures is also recommended.

Total Events

85,766
credential exposure events

Employee Affected Events

44,752
account email domain = dominionenergy.com

Client Affected Events

41,014
service target = dominionenergy.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
20,00013,3336,6670
peak month 15,059
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events9,898
Share12%
Data breaches
Events75,868
Share89%
Infostealer logs (12%)
9,898events
Data breaches (89%)
75,868events

44,752 compromised employee accounts pose an infrastructure risk, while 41,014 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender387
Windows Defender.89
Windows Defender Avast Antivirus.10
Windows Defender ESET Security.5
Windows Defender McAfee5
Windows Defender McAfee.5
Windows Defender Sophos Intercept X Sophos Intercept X.5
Windows Defender Webroot SecureAnywhere2
Reason Cybersecurity1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline2,572
Rhadamanthys1,309
LummaC2898
Acreed670
Vidar470
Blank Grabber260
X-Files208
Millenium114
RisePro50

Top Login URLs

Top exposed services found in the event results

  1. 1https://mydom.dominionenergy.com/siteminderagent/forms/login.fcc4,438
  2. 2https://mydom.dominionenergy.com3,012
  3. 3mydom.dominionenergy.com/siteminderagent/forms/login.fcc2,945
  4. 4mydom.dominionenergy.com2,683
  5. 5https://login.dominionenergy.com/CommonLogin2,525
  6. 6dominionenergy.com1,847
  7. 7https://www.dominionenergy.com/sign-in1,504
  8. 8https://mydom.dominionenergy.com/registration/index1,433
  9. 9dominionenergy.com/sign-in1,172
  10. 10https://mydom.dominionenergy.com/1,039

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events4,627
Netherlands
Events431
Germany
Events311
Denmark
Events170
Mexico
Events85
United Kingdom
Events54
France
Events52
India
Events50

Country Breakdown

  1. 1United States4,627
  2. 2Netherlands431
  3. 3Germany311
  4. 4Denmark170
  5. 5Mexico85
  6. 6United Kingdom54
  7. 7France52
  8. 8India50

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix69
Okta47
Pulse Secure28
Cisco (AnyConnect)17
FortiNet VPN13
Git8
Auth02

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11984
Windows 11 24H2 build 26100 (64 Bit)635
Windows 10 Home x64452
Windows 10 22H2 build 19045 (64 Bit)361
Windows 10257

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
63,273
Combolist pools
12,595
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.