Back

ibm.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting ibm.com, with over 1.7 million total events recorded between July 2025 and June 2026. The majority of these events, approximately 85.8%, are classified as historical data breaches, affecting over 1.4 million clients and 317,000 employees. Additionally, there are over 244,000 active infostealer logs, primarily targeting client credentials. The timeline shows a notable surge in employee and client events in January 2026, with further spikes in March and April 2026, suggesting a sustained period of compromise. The high volume of data breaches and infostealer activity, coupled with a risk score of 100, indicates a critical security posture. The prevalence of LummaC2, Redline, and Rhadamanthys malware families, commonly associated with credential theft, exacerbates the risk. Remediation efforts should focus on immediate incident response to contain ongoing infostealer activity, thorough forensic analysis of the data breaches, and enhanced credential protection measures for both employees and clients. Prioritizing the investigation of the January, March, and April 2026 event spikes is crucial.

Total Events

1,720,606
credential exposure events

Employee Affected Events

317,646
account email domain = ibm.com

Client Affected Events

1,402,960
service target = ibm.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
400,000266,667133,3330
peak month 346,997
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events244,591
Share14%
Data breaches
Events1,476,015
Share86%
Infostealer logs (14%)
244,591events
Data breaches (86%)
1,476,015events

317,646 compromised employee accounts pose an infrastructure risk, while 1,402,960 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender5,812
Windows Defender.230
360 Total Security152
Malwarebytes75
Windows Defender McAfee66
Windows Defender ESET Security47
Avast45
Avast Norton40
Windows Defender [ON]32

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC238,584
Redline32,002
Rhadamanthys25,386
Vidar21,945
Acreed14,970
StealC4,587
RisePro4,074
Remus2,960
Millenium1,682

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.ibm.com/account/reg/us-en/signup121,386
  2. 2https://login.ibm.com/authsvc/mtfim/sps/authsvc94,795
  3. 3https://cloud.ibm.com/registration81,175
  4. 4ibm.com70,480
  5. 5ibm.com/account/reg/us-en/signup66,400
  6. 6cloud.ibm.com/registration55,422
  7. 7https://ibm.com51,981
  8. 8www.ibm.com/account/reg/us-en/signup51,063
  9. 9login.ibm.com/authsvc/mtfim/sps/authsvc44,478
  10. 10https://cloud.ibm.com42,523

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events43,597
Indonesia
Events8,678
Brazil
Events7,113
United States
Events6,157
Peru
Events5,472
Egypt
Events5,395
Pakistan
Events5,298
Philippines
Events3,962

Country Breakdown

  1. 1India43,597
  2. 2Indonesia8,678
  3. 3Brazil7,113
  4. 4United States6,157
  5. 5Peru5,472
  6. 6Egypt5,395
  7. 7Pakistan5,298
  8. 8Philippines3,962

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft438
Salesforce166
Intranet149
Citrix106
Jira (Atlassian)90
Git89
Pulse Secure45

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1118,397
Windows 10 Enterprise x6412,328
Windows 11 24H2 build 26100 (64 Bit)11,820
Windows 11 Home Single Language10,375
Windows 10 Pro8,685

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
1,225,440
Combolist pools
250,575
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.