Back

newscorp.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting newscorp.com, with 35,519 historical data breaches and 1,755 active infostealer logs detected over the reporting period. The majority of infostealer activity is attributed to the Redline malware family. Employee accounts are the most frequently compromised asset type, with 36,840 instances, followed by 434 client accounts. The data suggests a high-risk scenario due to the volume of historical breaches and ongoing infostealer activity, potentially leading to widespread credential compromise and further downstream attacks. The timeline shows a surge in employee compromises during September 2025 and January 2026, with a consistent presence of data breach events throughout the period. Given the high risk score and the prevalence of Redline infostealer, remediation efforts should focus on immediate credential reset for affected employees and clients, enhanced endpoint detection and response, and a thorough review of access controls. The extensive historical data breaches suggest a need for comprehensive data security posture assessment and potential data recovery or notification strategies. Prioritization should be given to mitigating further data exfiltration and preventing the misuse of compromised credentials.

Total Events

37,274
credential exposure events

Employee Affected Events

36,840
account email domain = newscorp.com

Client Affected Events

434
service target = newscorp.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
10,0006,6673,3330
peak month 9,415
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,755
Share5%
Data breaches
Events35,519
Share95%
Infostealer logs (5%)
1,755events
Data breaches (95%)
35,519events

36,840 compromised employee accounts pose an infrastructure risk, while 434 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender2

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,735
LummaC26
Acreed4
Aurora1
Raccoon1
Vidar1

Top Login URLs

Top exposed services found in the event results

  1. 1newscorp.com411
  2. 2android://RDimOKhKEnOSKFPxFyhorLMm3m2xDwhLvao8QDDqdeaHa7UciERJd5PoRy2-YXkyEgpo6SIY9eHM2VI_cZ7OYg==@com.newscorp.heraldsun/5
  3. 3android://RDimOKhKEnOSKFPxFyhorLMm3m2xDwhLvao8QDDqdeaHa7UciERJd5PoRy2-YXkyEgpo6SIY9eHM2VI_cZ7OYg==@com.newscorp.thedailytelegraph/3
  4. 4newscorp.com:213
  5. 5android://RDimOKhKEnOSKFPxFyhorLMm3m2xDwhLvao8QDDqdeaHa7UciERJd5PoRy2-YXkyEgpo6SIY9eHM2VI_cZ7OYg==@com.newscorp.theaustralian/3
  6. 6android://JzpQ_1HpZiAklBp_YfA4ck2gl6LQics7XiJh7wTDGW71I8JzlAP1101GxNfqqj9NIzJyPXYVhMFBPRHpNjNsGQ==@com.newscorp.newsmart/2
  7. 7android://rdimokhkenoskfpxfyhorlmm3m2xdwhlvao8qddqdeaha7ucierjd5pory2-yxkyegpo6siy9ehm2vi_cz7oyg==@com.newscorp.couriermail/ :1
  8. 8android://RDimOKhKEnOSKFPxFyhorLMm3m2xDwhLvao8QDDqdeaHa7UciERJd5PoRy2-YXkyEgpo6SIY9eHM2VI_cZ7OYg==@com.newscorp.adelaideadvertiser/1
  9. 9android://RDimOKhKEnOSKFPxFyhorLMm4m4xDwhLvao8QDDqdeaHa7UciERJd5PoRy4-YXkyEgpo6SIY9eHM4VI_cZ7OYg==@com.newscorp.thedailytelegraph/1
  10. 10https://[email protected]1

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events421
Netherlands
Events397
Germany
Events373
Denmark
Events149
United Kingdom
Events48
France
Events37
Belgium
Events32

Country Breakdown

  1. 1United States421
  2. 2Netherlands397
  3. 3Germany373
  4. 4Denmark149
  5. 5United Kingdom48
  6. 6France37
  7. 7Belgium32
  8. 8Luxembourg28

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix39
Okta34
Pulse Secure26
Cisco (AnyConnect)22
Git20
FortiNet VPN17

Operating System Distribution

Distribution of compromised endpoint builds

Windows Server 2008 R2 x32147
Windows Server 2016 x32140
Windows 10 Home x32139
Windows Server 2012 R2 x32123
Windows 8 x32121

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
32,726
Combolist pools
2,793
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.