Back

jetblue.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of JetBlue's digital assets, with a high volume of historical data breaches and active infostealer logs observed between July 2025 and June 2026. The data breaches represent 88.6% of the total events, impacting over 230,000 entities, likely comprising both employees and clients. Infostealer activity accounts for 11.4% of events, with Redline, LummaC2, and Rhadamanthys being the most prevalent malware families. The exposure is heavily concentrated in the United States, with secondary impacts in the Dominican Republic and Puerto Rico. The majority of the data breach events originate from "Combolist sources," suggesting credential stuffing or account takeover attempts, while infostealer activity targets services like "https://www.jetblue.com/signin" and "jetblue.com/signin."

Total Events

259,670
credential exposure events

Employee Affected Events

58,163
account email domain = jetblue.com

Client Affected Events

201,507
service target = jetblue.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
60,00040,00020,0000
peak month 54,058
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events29,609
Share11%
Data breaches
Events230,061
Share89%
Infostealer logs (11%)
29,609events
Data breaches (89%)
230,061events

58,163 compromised employee accounts pose an infrastructure risk, while 201,507 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender443
Avast Antivirus88
Sentinel Agent49
BullGuard Antivirus40
Unknown30
Windows Defender.16
Kaspersky14
Windows Defender McAfee VirusScan10
Malwarebytes9

Malware Families Distribution

Distribution of Active Stealer Strains

Redline5,689
LummaC23,702
Rhadamanthys3,519
Vidar2,470
Acreed1,589
X-Files637
StealC376
Blank Grabber366
RisePro340

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.jetblue.com/signin21,938
  2. 2jetblue.com14,778
  3. 3jetblue.com/signin12,916
  4. 4www.jetblue.com/signin10,688
  5. 5https://jetblue.com9,571
  6. 6https://www.jetblue.com9,097
  7. 7https://book.jetblue.com/B6.auth/login7,491
  8. 8www.jetblue.com6,640
  9. 9book.jetblue.com6,161
  10. 10https://book.jetblue.com6,086

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events9,929
Puerto Rico
Events862
Netherlands
Events475
Germany
Events363
Ecuador
Events293
India
Events263

Country Breakdown

  1. 1United States9,929
  2. 2Dominican Republic2,343
  3. 3Puerto Rico862
  4. 4Jamaica527
  5. 5Netherlands475
  6. 6Germany363
  7. 7Ecuador293
  8. 8India263

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft752
Citrix67
Pulse Secure28
FortiNet VPN19
Cisco (AnyConnect)17
WordPress10
Jira (Atlassian)10

Operating System Distribution

Distribution of compromised endpoint builds

Windows 112,513
Windows 11 24H2 build 26100 (64 Bit)1,889
Windows 10 Home x641,512
Windows 10 Enterprise x641,187
Windows 10 22H2 build 19045 (64 Bit)892

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
211,308
Combolist pools
18,753
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.