Back

homeaway.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain homeaway.com experienced a significant number of security events between July 2025 and June 2026, with a total of 58,093 recorded incidents. The majority of these events, 88%, were historical data breaches, accounting for 51,100 incidents. Additionally, 12% of the events were active infostealer logs, totaling 6,993 incidents. The timeline indicates a substantial spike in employee-related events in January 2026, with 3,575 incidents, and a notable increase in client-related events in March 2026, with 13,718 incidents. The most prevalent malware families associated with these events include Redline, Rhadamanthys, and LummaC2, all of which are known for credential and information theft. The primary targeted services are related to authentication and login portals, specifically within the `cas.homeaway.com` subdomain, suggesting a focus on compromising user credentials.

Total Events

58,093
credential exposure events

Employee Affected Events

4,537
account email domain = homeaway.com

Client Affected Events

53,556
service target = homeaway.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
15,00010,0005,0000
peak month 13,718
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events6,993
Share12%
Data breaches
Events51,100
Share88%
Infostealer logs (12%)
6,993events
Data breaches (88%)
51,100events

4,537 compromised employee accounts pose an infrastructure risk, while 53,556 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender126
McAfee34
Windows Defender McAfee26
Avast Antivirus11
Webroot SecureAnywhere OpenText™ Core Endpoint Protection10
ESET Security8
OpenText™ Core Endpoint Protection Webroot SecureAnywhere6
Windows Defender Avast Antivirus4
Windows Defender.4

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,090
Rhadamanthys989
LummaC2926
Acreed511
Vidar378
StealC138
X-Files84
Blank Grabber78
RisePro73

Top Login URLs

Top exposed services found in the event results

  1. 1https://cas.homeaway.com5,870
  2. 2cas.homeaway.com5,699
  3. 3https://cas.homeaway.com/auth/traveler/login3,779
  4. 4cas.homeaway.com/auth/traveler/login2,775
  5. 5https://cas.homeaway.com/auth/homeaway/login2,468
  6. 6homeaway.com2,102
  7. 7cas.homeaway.com/auth/homeaway/login1,735
  8. 8https://cas.homeaway.com/1,429
  9. 9https://cas.homeaway.com/auth/traveler/register1,422
  10. 10https://homeaway.com1,413

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events1,263
Brazil
Events374
Italy
Events344
France
Events340
Spain
Events290
United Kingdom
Events154
Portugal
Events111
Canada
Events98

Country Breakdown

  1. 1United States1,263
  2. 2Brazil374
  3. 3Italy344
  4. 4France340
  5. 5Spain290
  6. 6United Kingdom154
  7. 7Portugal111
  8. 8Canada98

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11614
Windows 11 24H2 build 26100 (64 Bit)528
Windows 10 Enterprise x64425
Windows 10 Home x64371
Windows 10 22H2 build 19045 (64 Bit)314

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
47,080
Combolist pools
4,020
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.