Back

gxo.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of employee and client data, with 2,244 employee-related events and 59 client-related events observed over the reporting period. The data is heavily skewed towards historical data breaches (2,129 events) and active infostealer logs (174 events), suggesting a persistent threat landscape. Malware families such as Acreed, LummaC2, and Rhadamanthys are prevalent, indicating potential credential harvesting and further compromise. The primary affected geographies are the United Kingdom and the United States. The presence of "Combolist sources" and "Database dumps" in leak repositories further corroborates the high volume of data breach events. Given the high volume of historical data breaches and active infostealer activity, this exposure presents a critical risk. The prevalence of infostealer malware targeting employee and client credentials necessitates immediate attention to prevent further unauthorized access and potential financial or reputational damage. Remediation efforts should focus on enhancing endpoint security, credential hygiene, and monitoring for ongoing data exfiltration, particularly concerning the identified malware families and targeted services like gxo.com and its subdomains.

Total Events

2,303
credential exposure events

Employee Affected Events

2,244
account email domain = gxo.com

Client Affected Events

59
service target = gxo.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
5003331670
peak month 416
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events174
Share8%
Data breaches
Events2,129
Share92%
Infostealer logs (8%)
174events
Data breaches (92%)
2,129events

2,244 compromised employee accounts pose an infrastructure risk, while 59 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender3

Malware Families Distribution

Distribution of Active Stealer Strains

Acreed38
LummaC231
Rhadamanthys27
Redline16
Vidar5
Remus3
Raccoon2
Millenium2

Top Login URLs

Top exposed services found in the event results

  1. 1gxo.com8
  2. 2https://mygxo.gxo.com/5
  3. 3sciberia.gxo.com5
  4. 4https://powerbi.am.gxo.com/4
  5. 5https://applications.gxo.com/transport/rdv/rdv_exit.jsp4
  6. 6https://sciberia.gxo.com3
  7. 7sciberia.gxo.com/FGA/Inicio/login2
  8. 8https://sciberia.gxo.com/FGA/Inicio/login2
  9. 9https://sid5.gxo.com/2
  10. 10mygxo.gxo.com/2

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United Kingdom
Events84
United States
Events11
Spain
Events6
Canada
Events5
France
Events5
Netherlands
Events2
Taiwan
Events2
Romania
Events1

Country Breakdown

  1. 1United Kingdom84
  2. 2United States11
  3. 3Spain6
  4. 4Canada5
  5. 5France5
  6. 6Netherlands2
  7. 7Taiwan2
  8. 8Romania1

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft587
F51

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1146
Windows 11 24H2 build 26100 (64 Bit)25
Windows 11 Home (10.0.26100) x6419
Windows 10 Home x6412
Windows 107

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
1,194
Combolist pools
935
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.