Back

news24.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of client data, with 6102 historical data breaches and 1744 active infostealer logs observed over the reporting period. The majority of these events are linked to "Combolist sources" (99.8%), suggesting compromised credential lists are a primary vector. Malware families such as LummaC2 (22.9%), Redline (10.1%), and Rhadamanthys (8.1%) are prevalent, indicating active credential harvesting. The targeted services include authentication endpoints like "/auth/signin" and "/auth/signup" on news24.com, and the domain itself, suggesting a focus on user credentials. The primary geography affected is South Africa (924 instances). The timeline shows a notable increase in client-related events from March 2026 onwards, coinciding with a rise in employee-related events as well. The high volume of data breaches and infostealer activity, coupled with the targeting of authentication services, presents a critical risk of account compromise and potential further downstream impacts. The prevalence of common infostealer malware families points to a widespread threat landscape. Prioritization should focus on immediate remediation of identified vulnerabilities, enhanced monitoring of authentication endpoints, and user education regarding credential security. Given the nature of the data and the domain, the most appropriate industry sector is Retail & E-commerce.

Total Events

7,846
credential exposure events

Employee Affected Events

109
account email domain = news24.com

Client Affected Events

7,737
service target = news24.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
2,0001,3336670
peak month 1,926
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,744
Share22%
Data breaches
Events6,102
Share78%
Infostealer logs (22%)
1,744events
Data breaches (78%)
6,102events

109 compromised employee accounts pose an infrastructure risk, while 7,737 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender6
Windows Defender [ON]1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC2400
Redline176
Rhadamanthys141
Vidar114
Acreed92
StealC63
RisePro41
Remus17
Millenium7

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.news24.com/auth/signin846
  2. 2https://www.news24.com/auth/signup726
  3. 3news24.com708
  4. 4https://www.news24.com/569
  5. 5https://news24.com540
  6. 6https://www.news24.com427
  7. 7news24.com/auth/signin385
  8. 8news24.com/auth/signup353
  9. 9www.news24.com/auth/signin328
  10. 10www.news24.com292

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

South Africa
Events924
United States
Events22
Venezuela
Events12
Botswana
Events10
Namibia
Events8
Pakistan
Events6
Cameroon
Events5

Country Breakdown

  1. 1South Africa924
  2. 2United States22
  3. 3Venezuela12
  4. 4Botswana10
  5. 5Zambia8
  6. 6Namibia8
  7. 7Pakistan6
  8. 8Cameroon5

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

WordPress7
FortiNet VPN4

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11141
Windows 10 Pro139
Windows 10 Pro (10.0.19045) x64134
Windows 11 24H2 build 26100 (64 Bit)92
Windows 10 Enterprise x6478

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
6,089
Combolist pools
13
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.