Back

duke-energy.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant historical data breach event affecting over 159,000 records, alongside active infostealer logs impacting over 17,000 instances. The majority of the data breach events are attributed to "Combolist sources" and "Database dumps," suggesting compromised credentials. The infostealer activity is dominated by malware families such as Redline, Rhadamanthys, and LummaC2, which are known for exfiltrating sensitive information. The timeline shows a surge in employee and client data exposure during January 2026, with a notable increase in client-related events in March 2026. The targeted services are primarily related to the "duke-energy.com" domain, including its sign-in portals, indicating a focus on account compromise. The high volume of historical data breaches and active infostealer logs, coupled with the targeting of authentication services, presents a critical risk of further credential compromise and potential unauthorized access to sensitive customer and employee data. The prevalence of common infostealer malware families suggests a broad attack vector. Prioritization should focus on immediate remediation of identified vulnerabilities, credential reset campaigns for affected users, and enhanced monitoring for suspicious login activity on "duke-energy.com" services. The primary geographic origin of the observed activity appears to be the United States.

Total Events

176,951
credential exposure events

Employee Affected Events

72,717
account email domain = duke-energy.com

Client Affected Events

104,234
service target = duke-energy.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
40,00026,66713,3330
peak month 31,949
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events17,262
Share10%
Data breaches
Events159,689
Share90%
Infostealer logs (10%)
17,262events
Data breaches (90%)
159,689events

72,717 compromised employee accounts pose an infrastructure risk, while 104,234 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender493
McAfee32
Windows Defender Webroot SecureAnywhere28
Windows Defender.20
Windows Defender McAfee10
Webroot SecureAnywhere6
Windows Defender McAfee VirusScan6
Malwarebytes4
Trend Micro Maximum Security4

Malware Families Distribution

Distribution of Active Stealer Strains

Redline3,466
Rhadamanthys2,596
LummaC21,801
Acreed1,525
Vidar851
X-Files430
Millenium186
StealC98
Blank Grabber96

Top Login URLs

Top exposed services found in the event results

  1. 1duke-energy.com9,782
  2. 2https://duke-energy.com5,770
  3. 3https://www.duke-energy.com5,661
  4. 4https://www.duke-energy.com/my-account/sign-in5,226
  5. 5www.duke-energy.com3,869
  6. 6duke-energy.com/my-account/sign-in3,838
  7. 7https://www.duke-energy.com/home3,538
  8. 8https://p-auth.duke-energy.com/my-account/sign-in2,951
  9. 9https://www.duke-energy.com/2,642
  10. 10www.duke-energy.com/my-account/sign-in2,487

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events8,828
Netherlands
Events396
Germany
Events383
India
Events164
Denmark
Events162
Venezuela
Events78
Canada
Events77
Senegal
Events69

Country Breakdown

  1. 1United States8,828
  2. 2Netherlands396
  3. 3Germany383
  4. 4India164
  5. 5Denmark162
  6. 6Venezuela78
  7. 7Canada77
  8. 8Senegal69

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft246
Citrix129
Git28
Pulse Secure19
Cisco (AnyConnect)12
FortiNet VPN9
WordPress3

Operating System Distribution

Distribution of compromised endpoint builds

Windows 111,877
Windows 11 24H2 build 26100 (64 Bit)1,407
Windows 10 Home x641,031
Windows 10 22H2 build 19045 (64 Bit)811
Windows 10 Enterprise x64630

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
123,510
Combolist pools
36,179
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.