Back

jll.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event for jll.com, with a risk score of 100. The primary concern stems from 44,821 historical data breaches and 1,655 active infostealer logs, impacting 36,507 employees and 9,969 clients. Malware families such as LummaC2, Rhadamanthys, and Redline are prevalent, suggesting a focus on credential harvesting. The timeline shows a notable spike in employee and client-related events in January 2026, coinciding with a surge in data breaches. Targeted services include authentication endpoints like ap.jll.com and am.jll.com, as well as Okta and Microsoft services, indicating potential compromise of access controls. Given the high volume of data breaches and active infostealer activity, this situation poses a critical risk to the organization. The prevalence of credential-stealing malware targeting authentication services like Okta and Microsoft, coupled with the extensive historical data breach data, suggests a high likelihood of ongoing unauthorized access and potential for further compromise. Remediation should prioritize securing authentication mechanisms, investigating the root cause of the data breaches, and actively hunting for active infostealer infections across the affected employee and client base, with a particular focus on compromised credentials originating from India and the United States.

Total Events

46,476
credential exposure events

Employee Affected Events

36,507
account email domain = jll.com

Client Affected Events

9,969
service target = jll.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
40,00026,66713,3330
peak month 30,321
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,655
Share4%
Data breaches
Events44,821
Share96%
Infostealer logs (4%)
1,655events
Data breaches (96%)
44,821events

36,507 compromised employee accounts pose an infrastructure risk, while 9,969 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender18
Reason Cybersecurity2
Trend Micro Maximum Security1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC2298
Rhadamanthys199
Redline175
StealC100
Vidar72
Acreed70
Millenium21
Raccoon13
RisePro13

Top Login URLs

Top exposed services found in the event results

  1. 1ap.jll.com1,602
  2. 2am.jll.com1,461
  3. 3https://authn.jll.com/1,430
  4. 4authn.jll.com/899
  5. 5authn.jll.com612
  6. 6https://authn.jll.com586
  7. 7eu.jll.com511
  8. 8https://authn.jll.com/Auth/OktaLogin385
  9. 9authn.jll.com/Auth/OktaLogin245
  10. 10https://apps.jll.com/useradmin/ChangePW.aspx134

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events175
United States
Events154
Canada
Events93
Philippines
Events90
Brazil
Events81
Indonesia
Events76
Mexico
Events63
Malaysia
Events44

Country Breakdown

  1. 1India175
  2. 2United States154
  3. 3Canada93
  4. 4Philippines90
  5. 5Brazil81
  6. 6Indonesia76
  7. 7Mexico63
  8. 8Malaysia44

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Okta242
Microsoft126
Citrix26
WordPress1

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11174
Windows 10 Pro133
Windows 10 22H2 build 19045 (64 Bit)131
Windows 10 Pro (10.0.19045) x6488
Windows 11 24H2 build 26100 (64 Bit)74

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
7,163
Combolist pools
37,658
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.