Back

dxc.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain dxc.com exhibits a critical risk score of 100, primarily driven by an overwhelming volume of historical data breaches (90.3%) and a significant number of active infostealer logs (9.7%). The data indicates a substantial exposure of employee and client information, with employee-related events significantly outnumbering client events throughout the observed period, particularly spiking in January 2026. The presence of infostealer logs, including LummaC2, Redline, and Rhadamanthys, suggests ongoing compromise and potential exfiltration of sensitive data. The majority of leaked data originates from combolist sources and database dumps, indicating credential stuffing and direct data compromise. Given the high risk score and the nature of the events, immediate prioritization is required. The focus should be on investigating the root causes of the historical data breaches and actively monitoring for and mitigating ongoing infostealer activity. Remediation efforts should concentrate on strengthening authentication mechanisms, particularly for services like uid.dxc.com and idm.dxc.com, enhancing endpoint security to detect and remove infostealers, and reviewing data access controls to prevent further exfiltration. The prevalence of Windows 11 and Windows 10 operating systems in the telemetry suggests that endpoint security on these platforms is a critical area for review.

Total Events

77,723
credential exposure events

Employee Affected Events

69,889
account email domain = dxc.com

Client Affected Events

7,834
service target = dxc.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
30,00020,00010,0000
peak month 27,578
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events7,534
Share10%
Data breaches
Events70,189
Share90%
Infostealer logs (10%)
7,534events
Data breaches (90%)
70,189events

69,889 compromised employee accounts pose an infrastructure risk, while 7,834 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender80
Windows Defender McAfee VirusScan20
Avast1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC21,112
Redline978
Rhadamanthys858
Vidar654
Acreed557
RisePro238
StealC135
Remus93
Millenium92

Top Login URLs

Top exposed services found in the event results

  1. 1https://uid.dxc.com/2,850
  2. 2uid.dxc.com/1,818
  3. 3uid.dxc.com1,360
  4. 4https://uid.dxc.com1,265
  5. 5https://idm.dxc.com/cscidm/PasswordServices.jsf521
  6. 6https://gpl.houston.dxc.com/siteminderagent/forms/login.dxc.fcc504
  7. 7idm.dxc.com503
  8. 8https://idm.dxc.com498
  9. 9dxc.com448
  10. 10gpl.houston.dxc.com/siteminderagent/forms/login.dxc.fcc309

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events1,160
Philippines
Events447
United Kingdom
Events298
Netherlands
Events281
Spain
Events280
Brazil
Events273
Argentina
Events238
Malaysia
Events225

Country Breakdown

  1. 1India1,160
  2. 2Philippines447
  3. 3United Kingdom298
  4. 4Netherlands281
  5. 5Spain280
  6. 6Brazil273
  7. 7Argentina238
  8. 8Malaysia225

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft3,729
Microsoft Entra ID (External ID / B2C)89
Jira (Atlassian)86
Auth041
Okta38
GitLab37
Salesforce36

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11722
Windows 11 24H2 build 26100 (64 Bit)633
Windows 10 Enterprise x64433
Windows 11 Pro308
Windows 10 Pro (10.0.19045) x64290

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
42,136
Combolist pools
28,053
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.