Back

expedia.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event for expedia.com, with a risk score of 100. The primary concern stems from a large volume of historical data breaches, accounting for 88.3% of the observed events, alongside a substantial number of active infostealer logs at 11.7%. These events collectively impact over 367,000 clients and nearly 54,000 employees, with the majority of data breaches and infostealer activity occurring between September 2025 and March 2026, with a notable spike in client-related events in March 2026. The data suggests that credentials from "Combolist sources" are the most prevalent type of leaked data, representing 95.4% of repository classifications, which is a strong indicator of credential stuffing attacks.

Total Events

420,724
credential exposure events

Employee Affected Events

53,693
account email domain = expedia.com

Client Affected Events

367,031
service target = expedia.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
120,00080,00040,0000
peak month 102,009
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events49,177
Share12%
Data breaches
Events371,547
Share88%
Infostealer logs (12%)
49,177events
Data breaches (88%)
371,547events

53,693 compromised employee accounts pose an infrastructure risk, while 367,031 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender960
McAfee51
Webroot SecureAnywhere38
Windows Defender.33
McAfee VirusScan32
Windows Defender Norton Security12
Malwarebytes12
Unknown11
Sentinel Agent7

Malware Families Distribution

Distribution of Active Stealer Strains

Redline9,268
LummaC27,032
Rhadamanthys6,030
Acreed3,580
Vidar2,728
X-Files879
StealC583
RisePro511
Millenium505

Top Login URLs

Top exposed services found in the event results

  1. 1expedia.com39,426
  2. 2https://expedia.com27,964
  3. 3https://www.expedia.com25,413
  4. 4www.expedia.com18,068
  5. 5https://www.expedia.com/user/signin14,198
  6. 6android://EeGuZBmVIPxALu8WvkL4jH8s_OIseXDT75xTmAxfH-w0I-hjfjgKyHWGVmx5cngkB7rFFDD9-UcpuVV-Zs7V2A==@com.expedia.bookings/14,094
  7. 7expedia.com/user/signin9,775
  8. 8https://www.expedia.com/7,932
  9. 9www.expedia.com/user/signin7,376
  10. 10https://www.expedia.com/HotelCheckout6,505

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events14,890
Mexico
Events1,789
Canada
Events887
India
Events761
Egypt
Events553
Netherlands
Events551
Germany
Events468

Country Breakdown

  1. 1United States14,890
  2. 2Mexico1,789
  3. 3Canada887
  4. 4India761
  5. 5Dominican Republic582
  6. 6Egypt553
  7. 7Netherlands551
  8. 8Germany468

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft1,174
Citrix61
Okta17
Pulse Secure17
FortiNet VPN15
Git13
Cisco (AnyConnect)8

Operating System Distribution

Distribution of compromised endpoint builds

Windows 114,769
Windows 11 24H2 build 26100 (64 Bit)3,330
Windows 10 Home x642,853
Windows 10 Enterprise x642,615
Windows 10 22H2 build 19045 (64 Bit)1,711

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
354,502
Combolist pools
17,045
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.