Back

merck.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting merck.com, with a risk score of 100. The primary concern stems from 154,360 historical data breaches, accounting for 98% of the total events. Additionally, 3,164 active infostealer logs were observed, representing 2% of events. The timeline shows a substantial surge in employee-related events in January 2026, with 79,140 instances, and a consistent rise in client-related events from September 2025 through June 2026. Malware analysis reveals Redline as the dominant family (58.1%), followed by LummaC2 (9.3%) and Vidar (8.1%). Targeted services include merck.com and guest-auth.merck.com, with geographical data showing the United States and India as primary locations for observed activity. The high volume of historical data breaches and active infostealer logs, coupled with the prevalence of infostealer malware like Redline, suggests a critical risk of ongoing credential compromise and potential sensitive data exfiltration. The concentration of events on authentication services like guest-auth.merck.com and pingfedpassive.merck.com indicates a potential focus on gaining unauthorized access to internal systems. Remediation efforts should prioritize a comprehensive review of past data breach incidents, enhanced monitoring for infostealer activity, and immediate security hardening of authentication infrastructure.

Total Events

157,524
credential exposure events

Employee Affected Events

150,554
account email domain = merck.com

Client Affected Events

6,970
service target = merck.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
80,00053,33326,6670
peak month 79,140
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events3,164
Share2%
Data breaches
Events154,360
Share98%
Infostealer logs (2%)
3,164events
Data breaches (98%)
154,360events

150,554 compromised employee accounts pose an infrastructure risk, while 6,970 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender3
Windows Defender [ON]2
Bitdefender2

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,838
LummaC2294
Vidar257
Acreed50
Rhadamanthys35
StealC11
Millenium3
Aurora1
Remus1

Top Login URLs

Top exposed services found in the event results

  1. 1merck.com3,376
  2. 2guest-auth.merck.com87
  3. 3https://jobs.merck.com86
  4. 4https://guest-auth.merck.com/84
  5. 5https://guest-auth.merck.com75
  6. 6jobs.merck.com74
  7. 7https://guest-auth.merck.com/login.html73
  8. 8guest-auth.merck.com/login.html71
  9. 9pingfedpassive.merck.com69
  10. 10https://pingfedpassive.merck.com64

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events466
India
Events441
Netherlands
Events399
Germany
Events394
Denmark
Events172
Egypt
Events100
United Kingdom
Events49
France
Events41

Country Breakdown

  1. 1United States466
  2. 2India441
  3. 3Netherlands399
  4. 4Germany394
  5. 5Denmark172
  6. 6Egypt100
  7. 7United Kingdom49
  8. 8France41

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

F580
Microsoft61
Citrix52
Salesforce49
Pulse Secure39
WordPress17
Git15

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Pro391
Windows Server 2012 x32139
Windows 10 Home x32131
Windows Server 2003 R2 x32128
Windows Server 2008 x32128

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
53,876
Combolist pools
100,484
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.