Back

massmutual.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting massmutual.com, with a total of 74,619 recorded events over the period from July 2025 to June 2026. The majority of these events, 69,920, are classified as historical data breaches, while 4,699 are identified as active infostealer logs. The data suggests a substantial risk to both employees (58,437 affected) and clients (16,182 affected), with a notable surge in employee-related events during January 2026 and client-related events in September 2025 and March 2026. The primary malware families associated with these events are Redline (44.9%), Rhadamanthys (8.5%), and Vidar (7%), all of which are known for credential theft. The targeted services include login portals and account management interfaces, such as accounts.massmutual.com/login and massmutual.com. The high volume of historical data breaches and active infostealer logs, coupled with the prevalence of credential-harvesting malware, points to a critical risk of account compromise and potential financial loss for both individuals and the organization. The data also indicates that a significant portion of the exposure originates from combolist sources (68.4%) and database dumps (31.6%), suggesting that compromised credentials from other breaches are being leveraged. Remediation efforts should focus on enhancing credential security, implementing robust multi-factor authentication across all services, and actively monitoring for and mitigating the identified malware families, particularly Redline.

Total Events

74,619
credential exposure events

Employee Affected Events

58,437
account email domain = massmutual.com

Client Affected Events

16,182
service target = massmutual.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
25,00016,6678,3330
peak month 22,483
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events4,699
Share6%
Data breaches
Events69,920
Share94%
Infostealer logs (6%)
4,699events
Data breaches (94%)
69,920events

58,437 compromised employee accounts pose an infrastructure risk, while 16,182 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender53
Windows Defender McAfee28
Windows Defender McAfee VirusScan9
Windows Defender Sentinel Agent4
Webroot SecureAnywhere3
Windows Defender McAfee VirusScan McAfee1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline2,109
Rhadamanthys399
Vidar328
LummaC2288
Acreed229
X-Files141
Blank Grabber38
Raccoon17
StealC12

Top Login URLs

Top exposed services found in the event results

  1. 1https://accounts.massmutual.com/login2,816
  2. 2accounts.massmutual.com/login1,821
  3. 3https://accounts.massmutual.com991
  4. 4accounts.massmutual.com952
  5. 5massmutual.com919
  6. 6https://myaccount.massmutual.com/tasks/create-new/signup648
  7. 7myaccount.massmutual.com/tasks/create-new/signup373
  8. 8https://retire.massmutual.com364
  9. 9https://myaccount.massmutual.com355
  10. 10retire.massmutual.com341

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events2,020
Netherlands
Events434
Germany
Events382
Denmark
Events171
Canada
Events71
United Kingdom
Events55
France
Events38

Country Breakdown

  1. 1United States2,020
  2. 2Netherlands434
  3. 3Germany382
  4. 4Denmark171
  5. 5Canada71
  6. 6United Kingdom55
  7. 7France38
  8. 8Luxembourg31

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix45
Git32
Pulse Secure19
Cisco (AnyConnect)16
FortiNet VPN9
Microsoft2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11401
Windows 10 Enterprise x64244
Windows 11 24H2 build 26100 (64 Bit)206
Windows 11 Pro175
Windows 10 Home x64175

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
47,802
Combolist pools
22,118
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.