Back

ingredion.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of 40,540 historical data breaches and 2,039 active infostealer logs affecting ingredion.com. The majority of the data breaches are attributed to "Combolist sources" (86.3%), while "Redline" malware is the dominant threat in infostealer logs (88.1%). Employee credentials appear to be the primary target, with 41,733 employee-related events, peaking in September 2025. Client-related events are less frequent but still notable at 846. Given the high volume of historical data breaches and active infostealer activity, this poses a critical risk. The prevalence of "Redline" and "Vidar" suggests a focus on credential harvesting. Remediation should prioritize securing authentication mechanisms, particularly for the "adfs.ingredion.com" service, and implementing robust credential hygiene practices for employees. Investigating the source of "Combolist sources" and "Database dumps" is also crucial.

Total Events

42,579
credential exposure events

Employee Affected Events

41,733
account email domain = ingredion.com

Client Affected Events

846
service target = ingredion.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
10,0006,6673,3330
peak month 9,818
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,039
Share5%
Data breaches
Events40,540
Share95%
Infostealer logs (5%)
2,039events
Data breaches (95%)
40,540events

41,733 compromised employee accounts pose an infrastructure risk, while 846 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender4
Bitdefender2
None2
Avira1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,797
Vidar25
LummaC222
Rhadamanthys10
Remus6
Acreed5
Aurora3
StealC2

Top Login URLs

Top exposed services found in the event results

  1. 1ingredion.com582
  2. 2https://adfs.ingredion.com/90
  3. 3https://adfs.ingredion.com/adfs/ls/85
  4. 4adfs.ingredion.com55
  5. 5adfs.ingredion.com/55
  6. 6https://adfs.ingredion.com52
  7. 7adfs.ingredion.com/adfs/ls/50
  8. 8https://sso.ingredion.com/25
  9. 9adfs.ingredion.com/adfs/ls23
  10. 10https://adfs.ingredion.com/adfs/ls23

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events444
Netherlands
Events418
Germany
Events378
Denmark
Events176
United Kingdom
Events43
Belgium
Events34
France
Events31

Country Breakdown

  1. 1United States444
  2. 2Netherlands418
  3. 3Germany378
  4. 4Denmark176
  5. 5United Kingdom43
  6. 6Luxembourg42
  7. 7Belgium34
  8. 8France31

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft504
Citrix51
Git28
FortiNet VPN20
Cisco (AnyConnect)19
Pulse Secure17
WordPress10

Operating System Distribution

Distribution of compromised endpoint builds

Windows Server 2012 x32148
Windows Server 2016 x32146
Windows 8.1 x32129
Windows Server 2008 R2 x32127
Windows 8 x32127

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
35,002
Combolist pools
5,538
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.