Back

malwarebytes.org Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting 1392 employees and 3307 clients over the period of July 2025 to June 2026. The primary drivers of this exposure are historical data breaches, accounting for 86.6% of events, and active infostealer logs, representing 13.4%. Malware families such as Redline, LummaC2, and Acreed are prominently featured, suggesting a focus on credential harvesting and information theft. The data also points to "Combolist sources" and "Database dumps" as the primary leak repository classifications, indicating compromised credentials and potentially sensitive information being exfiltrated and sold. Given the high risk score of 97, this event warrants immediate attention. The prevalence of infostealer activity and data breach events suggests a high likelihood of compromised credentials and sensitive data being in the hands of malicious actors. Remediation efforts should focus on credential reset campaigns for both employees and clients, enhanced monitoring for anomalous access patterns, and a thorough review of data security controls to prevent further exfiltration. The targeting of "malwarebytes.org" and its associated services, along with the presence of specific malware families, suggests a potential direct attack or compromise related to the organization's digital assets.

Total Events

4,699
credential exposure events

Employee Affected Events

1,392
account email domain = malwarebytes.org

Client Affected Events

3,307
service target = malwarebytes.org

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
1,2008004000
peak month 1,054
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events629
Share13%
Data breaches
Events4,070
Share87%
Infostealer logs (13%)
629events
Data breaches (87%)
4,070events

1,392 compromised employee accounts pose an infrastructure risk, while 3,307 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender4
Malwarebytes2

Malware Families Distribution

Distribution of Active Stealer Strains

Redline108
LummaC290
Acreed76
Rhadamanthys53
Vidar26
RisePro7
Cthulhu6
StealC5
Remus4

Top Login URLs

Top exposed services found in the event results

  1. 1malwarebytes.org723
  2. 2https://malwarebytes.org605
  3. 3android://7itdRLcNbad_TyXOYB1MbRaqCAdBNwv32v9zAT-svr8gcwY0huOtizMXI-41UonNXCaugxvY-JZbD_fgfA4K9g==@org.malwarebytes.antimalware/536
  4. 4https://forums.malwarebytes.org156
  5. 5forums.malwarebytes.org150
  6. 6https://forums.malwarebytes.org/index.php142
  7. 7forums.malwarebytes.org/index.php109
  8. 8https://forums.malwarebytes.org/53
  9. 9android://zM1VFFTem4AXlNpwGtfWu205ftf2lFN9XP-UeuAIxZoKapFRNA_sv5n9rayFPbvHRCjEW9GHd9CuwPZtinKoQA==@org.malwarebytes.harpocrates/50
  10. 10android://UhbMtiAExFNPNceArXxYL07lKDceJ9QVHwVTMl3pzL5rNOxCM_X2QHA1gQU6v-owOXcnLReVhwTYm3cRKSpFaQ==@org.malwarebytes.antimalware/44

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events86
Thailand
Events26
Poland
Events22
Colombia
Events22
Indonesia
Events19
Egypt
Events18
Brazil
Events13
Germany
Events12

Country Breakdown

  1. 1United States86
  2. 2Thailand26
  3. 3Poland22
  4. 4Colombia22
  5. 5Indonesia19
  6. 6Egypt18
  7. 7Brazil13
  8. 8Germany12

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft2
Okta2
Salesforce2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1165
Windows 10 Enterprise x6449
Windows 1035
Windows 11 24H2 build 26200 (64 Bit)25
Windows 10 Pro23

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
2,937
Combolist pools
1,133
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.