Back

hp.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event affecting approximately 2.1 million employees and 2.6 million clients of hp.com between July 2025 and June 2026. The primary drivers of this exposure are historical data breaches, accounting for 80.9% of events, and active infostealer logs, representing 19.1%. Malware families such as LummaC2, Redline, and Rhadamanthys are prevalent, with targeted services primarily related to HP's login and authentication infrastructure. Given the high volume of data breaches and the involvement of infostealers targeting authentication services, this incident poses a critical risk. The prevalence of LummaC2 and Redline suggests potential credential harvesting and further lateral movement within affected environments. Prioritization should focus on immediate incident response, comprehensive forensic analysis of the identified data breaches and infostealer activity, and strengthening authentication mechanisms, particularly for services like login3.id.hp.com. Remediation efforts should include credential rotation for all affected employees and clients, enhanced endpoint detection and response, and a review of data access controls.

Total Events

2,805,529
credential exposure events

Employee Affected Events

211,510
account email domain = hp.com

Client Affected Events

2,594,019
service target = hp.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
800,000533,333266,6670
peak month 601,148
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events536,323
Share19%
Data breaches
Events2,269,206
Share81%
Infostealer logs (19%)
536,323events
Data breaches (81%)
2,269,206events

211,510 compromised employee accounts pose an infrastructure risk, while 2,594,019 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender9,839
Windows Defender.347
Windows Defender McAfee134
McAfee117
Windows Defender ESET Security82
Windows Defender [ON]79
McAfee VirusScan78
Windows Defender McAfee VirusScan76
Windows Defender Avast Antivirus73

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC287,536
Redline82,417
Rhadamanthys60,204
Acreed42,015
Vidar38,342
RisePro9,598
StealC9,481
Millenium4,921
Remus4,442

Top Login URLs

Top exposed services found in the event results

  1. 1https://login3.id.hp.com/login3/sign-up365,705
  2. 2https://login3.id.hp.com/login3/password253,704
  3. 3https://login3.id.hp.com219,027
  4. 4login3.id.hp.com200,922
  5. 5login3.id.hp.com/login3/sign-up177,850
  6. 6login3.id.hp.com/login3/password134,788
  7. 7https://login.id.hp.com/login-ui/sign-up95,503
  8. 8https://login3.id.hp.com/login3/password-recovery/reset95,277
  9. 9https://login.id.hp.com83,727
  10. 10login.id.hp.com80,401

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events36,937
United States
Events36,327
Brazil
Events23,033
Spain
Events17,614
France
Events15,022
Mexico
Events13,725
Italy
Events13,152
Egypt
Events7,771

Country Breakdown

  1. 1India36,937
  2. 2United States36,327
  3. 3Brazil23,033
  4. 4Spain17,614
  5. 5France15,022
  6. 6Mexico13,725
  7. 7Italy13,152
  8. 8Egypt7,771

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Intranet444
Microsoft442
Citrix246
WordPress77
Git39
Pulse Secure38
Zendesk20

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1147,445
Windows 10 Enterprise x6431,252
Windows 11 24H2 build 26100 (64 Bit)29,259
Windows 10 Pro18,400
Windows 10 Home x6418,137

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
2,142,447
Combolist pools
126,759
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.