Back

eversource.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event for eversource.com, with 63,014 historical data breaches and 5,267 active infostealer logs observed over the reporting period. The majority of these events, 92.3%, are attributed to historical data breaches, while 7.7% are linked to active infostealer logs. The timeline shows a surge in employee and client-related events, particularly in September 2025 and March 2026, suggesting potential compromise of user credentials or sensitive information. Malware analysis reveals Redline, LummaC2, and Rhadamanthys as prevalent infostealer families, often associated with credential theft and data exfiltration. The leak repository classification points to "Combolist sources" as the primary origin of exposed data, indicating a high likelihood of credential stuffing attacks or compromised account lists being leveraged against the organization. Given the high volume of historical data breaches and active infostealer logs, coupled with the prevalence of credential-stealing malware families, the risk to eversource.com is critical. The primary focus for remediation should be on credential hygiene, including mandatory multi-factor authentication enforcement, regular password rotation, and user education on phishing and social engineering tactics. Investigating the source and scope of the "Combolist sources" and "Database dumps" is paramount to understanding the full extent of the data exposure and preventing further compromise. Prioritizing the patching of any identified vulnerabilities in targeted services, especially those related to login and account registration, is also essential.

Total Events

68,281
credential exposure events

Employee Affected Events

39,751
account email domain = eversource.com

Client Affected Events

28,530
service target = eversource.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
10,0006,6673,3330
peak month 9,547
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events5,267
Share8%
Data breaches
Events63,014
Share92%
Infostealer logs (8%)
5,267events
Data breaches (92%)
63,014events

39,751 compromised employee accounts pose an infrastructure risk, while 28,530 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender48
Webroot SecureAnywhere25
Windows Defender McAfee13
Unknown10
Windows Defender Webroot SecureAnywhere2
Windows Defender McAfee Webroot SecureAnywhere2
Bitdefender1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline2,128
LummaC2543
Rhadamanthys418
Acreed316
Vidar218
StealC115
X-Files76
Millenium60
RisePro50

Top Login URLs

Top exposed services found in the event results

  1. 1eversource.com3,333
  2. 2https://eversource.com2,098
  3. 3https://www.eversource.com/security/account/login2,040
  4. 4https://www.eversource.com1,930
  5. 5eversource.com/security/account/login1,388
  6. 6www.eversource.com1,283
  7. 7www.eversource.com/security/account/login1,067
  8. 8https://www.eversource.com/security/Account/Register909
  9. 9https://www.eversource.com/security/account/Register723
  10. 10eversource.com/security/account/register511

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events2,284
Netherlands
Events405
Germany
Events388
Denmark
Events155
Philippines
Events63
United Kingdom
Events51
India
Events43

Country Breakdown

  1. 1United States2,284
  2. 2Netherlands405
  3. 3Germany388
  4. 4Denmark155
  5. 5Dominican Republic66
  6. 6Philippines63
  7. 7United Kingdom51
  8. 8India43

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft93
Citrix74
Pulse Secure21
FortiNet VPN19
Git18
Cisco (AnyConnect)14
Zendesk9

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11498
Windows 10 Home x64210
Windows 11 24H2 build 26100 (64 Bit)200
Windows 10 Home x32136
Windows 11 Home135

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
58,154
Combolist pools
4,860
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.