Back

life.tw Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain life.tw has experienced a significant exposure event with 495 total incidents recorded between July 2025 and June 2026. The majority of these incidents, 381 (77%), are classified as historical data breaches, primarily originating from combolist sources. Additionally, 114 incidents (23%) are attributed to active infostealer logs, with Redline, LummaC2, and Rhadamanthys being the most prevalent malware families. The exposure primarily affects clients (392 instances) and employees (103 instances), with a notable surge in client-related incidents in September 2025 and employee and client incidents peaking in March and April 2026. Targeted services include the main domain, authentication endpoints like oauth.life.tw/auth, and login pages, indicating a broad attack surface. Given the high volume of historical data breaches and active infostealer activity, this exposure presents a critical risk. The prevalence of infostealer malware targeting credentials suggests a high likelihood of account compromise and potential for further downstream impacts, including unauthorized access and sensitive data exfiltration. Prioritization should focus on immediate remediation of exposed authentication mechanisms, credential reset for affected employees and clients, and enhanced monitoring for anomalous activity across all targeted services. The geographical distribution shows a concentration of affected entities in the United States and Taiwan, suggesting these regions may require focused attention.

Total Events

495
credential exposure events

Employee Affected Events

103
account email domain = life.tw

Client Affected Events

392
service target = life.tw

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
12080400
peak month 102
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events114
Share23%
Data breaches
Events381
Share77%
Infostealer logs (23%)
114events
Data breaches (77%)
381events

103 compromised employee accounts pose an infrastructure risk, while 392 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender5

Malware Families Distribution

Distribution of Active Stealer Strains

Redline15
LummaC28
Rhadamanthys4
Acreed3
StealC1

Top Login URLs

Top exposed services found in the event results

  1. 1https://life.tw63
  2. 2life.tw51
  3. 3https://oauth.life.tw/auth30
  4. 4oauth.life.tw/auth26
  5. 5https://life.tw/23
  6. 6https://oauth.life.tw18
  7. 7https://life.tw/logon18
  8. 8https://life.tw/login18
  9. 9https://management.life.tw/18
  10. 10oauth.life.tw17

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events21
Taiwan
Events15
Germany
Events11
Japan
Events8
Egypt
Events4
Netherlands
Events4
China
Events4
Canada
Events2

Country Breakdown

  1. 1United States21
  2. 2Taiwan15
  3. 3Germany11
  4. 4Japan8
  5. 5Egypt4
  6. 6Netherlands4
  7. 7China4
  8. 8Canada2

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Cisco (AnyConnect)2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1149
Windows 10 19H2 build 18363 (64 Bit)6
Windows 10 Enterprise x642
Windows Server 2012 x322
Windows Server 2003 x322

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
381
Combolist pools
0
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.