Back

meituan.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting meituan.com, with a high risk score of 94. The primary concerns stem from a large volume of historical data breaches (12,578 events) and active infostealer logs (6,250 events) over the reporting period. These events predominantly affected clients (18,070) and employees (758), suggesting a broad compromise. The data indicates a concentration of activity originating from China, with associated malware families including Rhadamanthys and Redline, commonly used for credential harvesting and data exfiltration. The high volume of data breaches and infostealer activity, coupled with the targeting of login and account retrieval services, points to a high-priority risk of widespread account compromise and sensitive data theft. Remediation efforts should focus on immediate incident response to contain active infostealer infections, thorough forensic analysis of breach origins, and enhanced security controls around authentication mechanisms and client data protection. Given the nature of the affected domain and the observed data, the most appropriate industry sector is Retail & E-commerce.

Total Events

18,828
credential exposure events

Employee Affected Events

758
account email domain = meituan.com

Client Affected Events

18,070
service target = meituan.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
4,0002,6671,3330
peak month 3,623
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events6,250
Share33%
Data breaches
Events12,578
Share67%
Infostealer logs (33%)
6,250events
Data breaches (67%)
12,578events

758 compromised employee accounts pose an infrastructure risk, while 18,070 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender21

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys2,486
Redline1,134
LummaC2645
Acreed278
Vidar84
Cthulhu50
Millenium34
StealC32
Remus17

Top Login URLs

Top exposed services found in the event results

  1. 1https://passport.meituan.com/account/unitivelogin2,106
  2. 2passport.meituan.com/account/unitivelogin1,308
  3. 3https://waimaie.meituan.com/new_fe/login_gw1,123
  4. 4https://passport.meituan.com819
  5. 5https://passport.meituan.com/818
  6. 6passport.meituan.com816
  7. 7https://epassport.meituan.com/new/login/account720
  8. 8https://epassport.meituan.com/account/unitivelogin709
  9. 9https://passport.meituan.com/useraccount/retrievepassword466
  10. 10https://e.waimai.meituan.com/new_fe/login_gw408

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

China
Events3,374
Malaysia
Events631
United States
Events230
Japan
Events84
Jordan
Events80
Singapore
Events59
South Korea
Events45

Country Breakdown

  1. 1China3,374
  2. 2Malaysia631
  3. 3Hong Kong SAR China284
  4. 4United States230
  5. 5Japan84
  6. 6Jordan80
  7. 7Singapore59
  8. 8South Korea45

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Salesforce222

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 (Build 26200) (64 Bit)966
Windows 11 23H2 build 22631 (64 Bit)830
Windows 10 22H2 build 19045 (64 Bit)732
Windows 11 24H2 build 26100 (64 Bit)672
Windows 11361

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
12,423
Combolist pools
155
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.