Back

drugstore.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain drugstore.com has experienced a significant number of data breach and infostealer events, totaling over 9,000 incidents within the reporting period. The majority of these events are attributed to historical data breaches (93.2%), with active infostealer logs comprising the remaining 6.8%. A notable concentration of these events occurred in September 2025 and January 2026, impacting both employee and client data. The primary sources of exposure appear to be combolist sources (94%) and database dumps (6%). Malware families such as Redline, LummaC2, and Rhadamanthys are frequently associated with these infostealer events, indicating a high risk of credential compromise and potential account takeovers. The targeted services are predominantly login pages and the main domain, suggesting direct attacks on user authentication mechanisms.

Total Events

9,191
credential exposure events

Employee Affected Events

702
account email domain = drugstore.com

Client Affected Events

8,489
service target = drugstore.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
2,5001,6678330
peak month 2,469
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events621
Share7%
Data breaches
Events8,570
Share93%
Infostealer logs (7%)
621events
Data breaches (93%)
8,570events

702 compromised employee accounts pose an infrastructure risk, while 8,489 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender10

Malware Families Distribution

Distribution of Active Stealer Strains

Redline98
LummaC293
Rhadamanthys89
Acreed34
Vidar34
X-Files18
RisePro7
Remus5
StealC4

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.drugstore.com/user/login.asp1,155
  2. 2drugstore.com1,121
  3. 3drugstore.com/user/login.asp958
  4. 4https://www.drugstore.com698
  5. 5https://drugstore.com695
  6. 6www.drugstore.com/user/login.asp623
  7. 7www.drugstore.com493
  8. 8https://www.drugstore.com/account/default.asp365
  9. 9drugstore.com/account/default.asp300
  10. 10https://www.drugstore.com/295

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events240
South Korea
Events17
Taiwan
Events11
Thailand
Events8
Portugal
Events8
Nigeria
Events7

Country Breakdown

  1. 1United States240
  2. 2South Korea17
  3. 3Bahamas16
  4. 4Taiwan11
  5. 5Hong Kong SAR China10
  6. 6Thailand8
  7. 7Portugal8
  8. 8Nigeria7

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Home x6452
Windows 1151
Windows 11 24H2 build 26100 (64 Bit)47
Windows 10 22H2 build 19045 (64 Bit)34
Windows 11 Home30

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
8,056
Combolist pools
514
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.