Back

exxonmobil.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting ExxonMobil, with 69,410 historical data breaches and 1,576 active infostealer logs observed over the reporting period. The majority of events, 97.8%, are attributed to historical data breaches, while 2.2% are active infostealer logs. Employee data appears to be the primary target, accounting for 64,827 events, followed by client data with 6,159 events. Malware families such as LummaC2, Rhadamanthys, and Redline are prevalent, suggesting a sophisticated threat actor. The data also shows targeted services including exxonmobil.com, its job portals, and various mobile applications, alongside a geographical distribution primarily in Canada, New Zealand, and Singapore. The presence of "Combolist sources" and "Database dumps" in leak repositories further indicates credential stuffing and data exfiltration as key attack vectors.

Total Events

70,986
credential exposure events

Employee Affected Events

64,827
account email domain = exxonmobil.com

Client Affected Events

6,159
service target = exxonmobil.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
50,00033,33316,6670
peak month 42,904
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,576
Share2%
Data breaches
Events69,410
Share98%
Infostealer logs (2%)
1,576events
Data breaches (98%)
69,410events

64,827 compromised employee accounts pose an infrastructure risk, while 6,159 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender McAfee5
Windows Defender4

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC2331
Rhadamanthys231
Redline198
Vidar107
Acreed83
StealC32
Remus24
Millenium9
RisePro8

Top Login URLs

Top exposed services found in the event results

  1. 1exxonmobil.com488
  2. 2android://ddVEBIdmq8zKIRLaaOMWrhXsMIpxOEz2axyGuameHfcBmTl0Qk0RKomxR2A3hwiCCHa9UlQzMA2PTGBb2cXuFw==@com.exxonmobil.mobil.nz/322
  3. 3https://jobs.exxonmobil.com299
  4. 4jobs.exxonmobil.com293
  5. 5android://8VTuEKkDuJxjJ2AsM7Wo6vCeGjB0z-Y38vPQWq4dKEVkU9GKQB30Uf1HO7dx_NgMkQ1FwFiu0MJKEamG28VXgQ==@com.exxonmobil.speedpassplus_ca/273
  6. 6android://RHKn438ERj_xVZwHfD6lythghyl2H1UacgHNBnc1EVYmeb3FZrsff7Cc4HSrYn7MOLN-4zhTD5ujazwIZQy1zg==@com.exxonmobil.Esso_Extras/228
  7. 7android://pXYafzzHa-8ztQynhyoQrrNe_gT07zCcu3rVIwGowBF4Qj0NsHK5G2S10GD_5WGtV_FAToq7tM__DKfg9Oph-g==@com.exxonmobil.esso.sg/224
  8. 8https://pf.eas.exxonmobil.com/as/authorization.oauth2184
  9. 9https://pf.eas.exxonmobil.com136
  10. 10pf.eas.exxonmobil.com/as/authorization.oauth2130

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Canada
Events140
New Zealand
Events130
Singapore
Events111
Netherlands
Events93
Egypt
Events70
United States
Events66
Belgium
Events43
Malaysia
Events40

Country Breakdown

  1. 1Canada140
  2. 2New Zealand130
  3. 3Singapore111
  4. 4Netherlands93
  5. 5Egypt70
  6. 6United States66
  7. 7Belgium43
  8. 8Malaysia40

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft31
Cisco (AnyConnect)18
Microsoft Entra ID (External ID / B2C)5
Zendesk5
Auth03
Git3

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 22H2 build 19045 (64 Bit)130
Windows 11123
Windows 11 24H2 build 26100 (64 Bit)110
Windows 10 Home68
Windows 10 Enterprise x6466

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
13,994
Combolist pools
55,416
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.