Back

mizuhobank.co.jp Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure impacting Mizuho Bank, with a high risk score of 92. The primary concern stems from a large volume of historical data breaches (84.1%) and active infostealer logs (15.9%) over the reporting period. Specifically, 23,717 data breach events and 4,494 infostealer events were observed, affecting a substantial number of clients (27,949) and some employees (262). The timeline shows a notable increase in employee-related events in early 2026, particularly January and March, coinciding with spikes in client-related breaches. Malware families associated with these events include LummaC2, Redline, and Rhadamanthys, commonly used for credential harvesting and data exfiltration. Given the high risk score and the nature of the events, this exposure requires immediate attention. The prevalence of infostealer activity and data breaches suggests a high likelihood of compromised credentials and sensitive client information. Remediation efforts should focus on enhancing endpoint security, reviewing access controls, and implementing robust data loss prevention measures. The targeting of specific banking services, including online banking portals, indicates a direct threat to financial operations and customer trust. Prioritize incident response and forensic analysis to understand the full scope of the compromise and mitigate further damage.

Total Events

28,211
credential exposure events

Employee Affected Events

262
account email domain = mizuhobank.co.jp

Client Affected Events

27,949
service target = mizuhobank.co.jp

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
10,0006,6673,3330
peak month 8,412
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events4,494
Share16%
Data breaches
Events23,717
Share84%
Infostealer logs (16%)
4,494events
Data breaches (84%)
23,717events

262 compromised employee accounts pose an infrastructure risk, while 27,949 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender371
Windows Defender マカフィー28
Windows Defender マカフィー セキュリティエージェント21
Windows Defender セキュリティエージェント マカフィー18
Reason Cybersecurity6
ノートン 3605
Windows Defender ウイルスバスター クラウド4
Windows Defender セキュリティエージェント ノートン 3604
Unknown4

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC21,432
Redline360
Rhadamanthys287
Acreed129
Remus50
Vidar46
Millenium32
Raccoon28
RisePro9

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.mizuhobank.co.jp/1,764
  2. 2mizuhobank.co.jp763
  3. 3mizuhobank.co.jp/735
  4. 4https://mizuhobank.co.jp734
  5. 5https://web1.ib.mizuhobank.co.jp/servlet/LOGBNK0000001B.do557
  6. 6https://web4.ib.mizuhobank.co.jp/servlet/LOGBNK0000001B.do542
  7. 7https://web3.ib.mizuhobank.co.jp/servlet/LOGBNK0000001B.do524
  8. 8https://web2.ib.mizuhobank.co.jp/servlet/LOGBNK0000001B.do505
  9. 9www.mizuhobank.co.jp/430
  10. 10https://web1.ib.mizuhobank.co.jp411

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Japan
Events1,698
United States
Events57
South Korea
Events44
China
Events23
Vietnam
Events11
Türkiye
Events8
Germany
Events7

Country Breakdown

  1. 1Japan1,698
  2. 2United States57
  3. 3South Korea44
  4. 4China23
  5. 5Vietnam11
  6. 6Liechtenstein10
  7. 7Türkiye8
  8. 8Germany7

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 Pro (10.0.26100.3194) x64401
Windows 11 Pro (10.0.26100.3323) x64334
Windows 11 Pro (10.0.26100.3037) x64283
Windows 11187
Windows 10 Enterprise x64158

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
23,545
Combolist pools
172
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.