Back

fetlife.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting approximately 184,711 clients and 144 employees of fetlife.com, spanning from July 2025 to June 2026. The primary drivers of this exposure are historical data breaches, accounting for 80.1% of events, and active infostealer logs, representing 19.9%. The data breaches are predominantly sourced from "Combolist sources," suggesting credential stuffing or similar attacks leveraging previously compromised credentials. Infostealer activity is linked to malware families such as LummaC2, Acreed, and Rhadamanthys, which are known for exfiltrating sensitive information. The targeted services are primarily related to user authentication and signup on the fetlife.com domain, indicating a focus on account takeover and credential harvesting. Given the high volume of client data breaches and the active presence of infostealers targeting authentication mechanisms, this incident poses a critical risk to user privacy and account security. The prevalence of "Combolist sources" in leak repositories points to a reliance on previously compromised credentials, necessitating immediate credential reset campaigns for affected users and enhanced monitoring for anomalous login activity. Remediation efforts should focus on strengthening authentication controls, implementing multi-factor authentication where possible, and actively hunting for indicators of compromise related to the identified infostealer families across the user base. The geographical breakdown shows a concentration of affected users in the United States, Canada, and the United Kingdom, which should inform targeted communication and support efforts.

Total Events

184,855
credential exposure events

Employee Affected Events

144
account email domain = fetlife.com

Client Affected Events

184,711
service target = fetlife.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
50,00033,33316,6670
peak month 41,825
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events36,748
Share20%
Data breaches
Events148,107
Share80%
Infostealer logs (20%)
36,748events
Data breaches (80%)
148,107events

144 compromised employee accounts pose an infrastructure risk, while 184,711 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender387
McAfee28
Windows Defender.25
McAfee VirusScan6
Windows Defender ESET Security.6
Malwarebytes5
Windows Defender Panda Dome5
Windows Defender ESET Security4
ESET Security3

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC25,304
Acreed5,186
Rhadamanthys4,738
Redline4,069
Vidar2,292
Millenium685
StealC554
RisePro542
Remus277

Top Login URLs

Top exposed services found in the event results

  1. 1https://fetlife.com28,588
  2. 2fetlife.com26,117
  3. 3https://fetlife.com/signup_step_profile24,574
  4. 4https://fetlife.com/users/sign_in21,403
  5. 5fetlife.com/signup_step_profile18,395
  6. 6fetlife.com/users/sign_in16,000
  7. 7https://fetlife.com/login8,214
  8. 8https://fetlife.com/join8,149
  9. 9https://fetlife.com/7,454
  10. 10fetlife.com/4,607

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events8,159
Canada
Events1,612
United Kingdom
Events1,285
India
Events948
France
Events798
Brazil
Events604
Germany
Events583
Spain
Events564

Country Breakdown

  1. 1United States8,159
  2. 2Canada1,612
  3. 3United Kingdom1,285
  4. 4India948
  5. 5France798
  6. 6Brazil604
  7. 7Germany583
  8. 8Spain564

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix3
WordPress1

Operating System Distribution

Distribution of compromised endpoint builds

Windows 115,110
Windows 11 24H2 build 26100 (64 Bit)1,983
Windows 101,567
Windows 10 Enterprise x641,351
Windows 10 22H2 build 19045 (64 Bit)1,063

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
148,013
Combolist pools
94
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.