Back

metacritic.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The metacritic.com domain experienced a high volume of security events between July 2025 and June 2026, with a risk score of 97. The majority of these events, 84.5%, were historical data breaches, totaling 57,249 incidents. Additionally, 15.5% of events were active infostealer logs, amounting to 10,481 incidents. Employee exposure was relatively low with 64 incidents, while client exposure was significantly higher at 67,666. The data indicates a substantial risk of credential compromise and data leakage, with "Combolist sources" accounting for 99.9% of leak repository classifications. Malware families such as LummaC2, Acreed, and Redline were prevalent, suggesting active threats targeting user credentials and sensitive information. The timeline shows a notable increase in employee and client-related events in March and April 2026, coinciding with a surge in client exposure. Given the high risk score and the prevalence of data breaches and infostealer logs, this situation requires immediate attention. The primary focus should be on mitigating further credential compromise by enhancing authentication mechanisms and user education regarding phishing and malware threats. Investigating the source and scope of the data breaches and infostealer activity is critical. Remediation efforts should prioritize securing client data and preventing unauthorized access to employee accounts, particularly in light of the observed increase in related events during early 2026. The prevalence of Windows 11 and Windows 10 operating systems in the telemetry suggests that endpoint security on these platforms should be a key area for review and enhancement.

Total Events

67,730
credential exposure events

Employee Affected Events

64
account email domain = metacritic.com

Client Affected Events

67,666
service target = metacritic.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
20,00013,3336,6670
peak month 17,610
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events10,481
Share16%
Data breaches
Events57,249
Share85%
Infostealer logs (16%)
10,481events
Data breaches (85%)
57,249events

64 compromised employee accounts pose an infrastructure risk, while 67,666 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender80
Reason Cybersecurity3
Malwarebytes3
Windows Defender ESET Security.1
Windows Defender Kaspersky Internet Security.1
Avast Norton1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC21,600
Acreed1,503
Redline1,342
Rhadamanthys1,278
Vidar464
Millenium241
StealC159
RisePro143
Remus84

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.metacritic.com/signup8,234
  2. 2metacritic.com6,869
  3. 3metacritic.com/signup5,273
  4. 4https://metacritic.com4,900
  5. 5https://www.metacritic.com4,788
  6. 6www.metacritic.com/signup4,207
  7. 7www.metacritic.com2,964
  8. 8https://www.metacritic.com/login2,298
  9. 9https://www.metacritic.com/2,077
  10. 10https://secure.metacritic.com/signup1,653

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Brazil
Events825
United States
Events685
Türkiye
Events404
France
Events313
Spain
Events290
India
Events275
Italy
Events255
United Kingdom
Events160

Country Breakdown

  1. 1Brazil825
  2. 2United States685
  3. 3Türkiye404
  4. 4France313
  5. 5Spain290
  6. 6India275
  7. 7Italy255
  8. 8United Kingdom160

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 111,654
Windows 10 Enterprise x64473
Windows 11 24H2 build 26100 (64 Bit)453
Windows 10375
Windows 10 22H2 build 19045 (64 Bit)362

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
57,216
Combolist pools
33
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.