Back

mastercard.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting mastercard.com, with 100,195 historical data breaches and 20,485 active infostealer logs observed between July 2025 and June 2026. The data breaches represent 83% of the total events, while infostealer logs account for 17%. A notable surge in employee-related events occurred in January 2026, with 28,014 instances, alongside 6,453 client-related events in the same month. The primary malware families associated with these events are LummaC2 (18.8%), Redline (14.2%), and Rhadamanthys (11%), all of which are infostealers. The data originates from various countries, with Brazil showing the highest incidence at 6,379 events. The high volume of historical data breaches and active infostealer logs, coupled with the prevalence of known infostealer malware families, elevates the risk to both employees and clients. The concentration of events in January 2026, particularly the spike in employee-related incidents, suggests a potential targeted campaign or a significant compromise during that period. Remediation efforts should focus on enhancing data security measures, improving threat detection capabilities for infostealer malware, and conducting thorough investigations into the January 2026 event to understand the root cause and prevent recurrence. Prioritizing the security of client data and employee credentials is paramount given the nature of the observed threats.

Total Events

120,680
credential exposure events

Employee Affected Events

36,885
account email domain = mastercard.com

Client Affected Events

83,795
service target = mastercard.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
30,00020,00010,0000
peak month 28,014
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events20,485
Share17%
Data breaches
Events100,195
Share83%
Infostealer logs (17%)
20,485events
Data breaches (83%)
100,195events

36,885 compromised employee accounts pose an infrastructure risk, while 83,795 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender297
Windows Defender.12
Windows Defender Kaspersky Internet Security.4
Windows Defender McAfee.4
ESET4
Malwarebytes2
Windows Defender Avast Antivirus.2
Kaspersky2
Windows Defender Kaspersky Reason Cybersecurity2

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC23,844
Redline2,908
Rhadamanthys2,261
Acreed1,532
Vidar1,303
StealC374
RisePro252
Millenium179
Remus157

Top Login URLs

Top exposed services found in the event results

  1. 1android://k1WLfc9exPZeq3ySlmItzqK_eWgsBxckiwRdPlyhhoKN-uszzB5Q29whv4asABLHPGVl_A4YeWYQzRPMSIjXyQ==@com.mastercard.hanzo.surpreenda/13,419
  2. 2https://airport.mastercard.com2,142
  3. 3airport.mastercard.com2,024
  4. 4https://developer.mastercard.com/account/sign-up1,826
  5. 5https://airport.mastercard.com/pt/create-account1,614
  6. 6https://sa.cardholder.mastercard.com/mpts-chp/eis/CardRegistration.action1,607
  7. 7sa.cardholder.mastercard.com/mpts-chp/eis/CardRegistration.action1,532
  8. 8https://airport.mastercard.com/es/create-account1,477
  9. 9sa.cardholder.mastercard.com1,363
  10. 10https://sa.cardholder.mastercard.com1,360

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Brazil
Events6,379
Argentina
Events731
Philippines
Events585
United States
Events492
Israel
Events339
India
Events307
Tanzania
Events216
Egypt
Events212

Country Breakdown

  1. 1Brazil6,379
  2. 2Argentina731
  3. 3Philippines585
  4. 4United States492
  5. 5Israel339
  6. 6India307
  7. 7Tanzania216
  8. 8Egypt212

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft323
F547
Jira (Atlassian)1

Operating System Distribution

Distribution of compromised endpoint builds

Windows 111,658
Windows 10 Enterprise x641,228
Windows 10 Pro (10.0.19045) x641,065
Windows 10 22H2 build 19045 (64 Bit)981
Windows 10 Pro883

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
66,685
Combolist pools
33,510
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.