Back

lowes.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting lowes.com, with a total of 420,004 recorded events over the period. The majority of these events, 376,813 (89.7%), are classified as historical data breaches, while 43,191 (10.3%) are active infostealer logs. The data suggests a substantial number of employee (145,736) and client (274,268) credentials may be compromised. The timeline shows a notable surge in employee-related events in January 2026, with 105,997 instances, and a peak in client-related events in March 2026, with 72,145 instances. Malware families such as Redline, Rhadamanthys, and LummaC2 are prevalent, often associated with infostealer activity. The primary leak repository sources are combolist sources (71.3%) and database dumps (28.7%). The high volume of historical data breaches and active infostealer logs, coupled with the large number of affected employee and client credentials, elevates the risk to a critical level. The prevalence of infostealer malware suggests ongoing credential harvesting. Remediation efforts should focus on immediate credential rotation for all identified employee and client accounts, enhanced monitoring for suspicious login activity, and a thorough review of data access controls. Given the nature of the exposed data and the domain, the closest industry sector is Retail & E-commerce.

Total Events

420,004
credential exposure events

Employee Affected Events

145,736
account email domain = lowes.com

Client Affected Events

274,268
service target = lowes.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
120,00080,00040,0000
peak month 105,997
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events43,191
Share10%
Data breaches
Events376,813
Share90%
Infostealer logs (10%)
43,191events
Data breaches (90%)
376,813events

145,736 compromised employee accounts pose an infrastructure risk, while 274,268 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender1,176
McAfee40
Windows Defender McAfee37
Windows Defender McAfee VirusScan30
Windows Defender Malwarebytes26
Windows Defender.21
Windows Defender Norton Security20
Windows Defender PC Matic Super Shield15
Avast AVG14

Malware Families Distribution

Distribution of Active Stealer Strains

Redline7,158
Rhadamanthys6,125
LummaC25,091
Acreed3,752
Vidar1,891
X-Files1,323
Millenium561
RisePro317
Blank Grabber304

Top Login URLs

Top exposed services found in the event results

  1. 1lowes.com27,449
  2. 2https://www.lowes.com19,915
  3. 3https://lowes.com18,760
  4. 4www.lowes.com13,076
  5. 5https://www.lowes.com/u/login/oauth2/authorize9,092
  6. 6https://www.lowes.com/8,513
  7. 7https://www.lowes.com/u/register/personal8,464
  8. 8https://www.lowes.com/u/login6,983
  9. 9android://feH5vJYUmodh-fA8TS74yagJcIycKgx8WtQHf1XejKowi_EwQbZVjrPYwx7R3BIdaqMJzBj_da_rfGOwKMgVvw==@com.lowes.android/5,598
  10. 10lowes.com/5,013

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events22,973
Netherlands
Events411
Germany
Events351
India
Events257
Canada
Events194
Denmark
Events189
Indonesia
Events177
Philippines
Events171

Country Breakdown

  1. 1United States22,973
  2. 2Netherlands411
  3. 3Germany351
  4. 4India257
  5. 5Canada194
  6. 6Denmark189
  7. 7Indonesia177
  8. 8Philippines171

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft291
Citrix37
Cisco (AnyConnect)25
Jira (Atlassian)22
FortiNet VPN12
Git10
Pulse Secure8

Operating System Distribution

Distribution of compromised endpoint builds

Windows 115,218
Windows 11 24H2 build 26100 (64 Bit)3,465
Windows 10 Home x642,181
Windows 10 Enterprise x641,764
Windows 10 22H2 build 19045 (64 Bit)1,481

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
268,830
Combolist pools
107,983
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.