Back

nike.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event for nike.com, with over 3.1 million total events recorded between July 2025 and June 2026. The majority of these events, approximately 85%, are classified as historical data breaches, affecting over 2.6 million clients. Additionally, nearly 468,000 events are attributed to active infostealer logs, impacting both clients and employees. The primary malware families observed are LummaC2, Rhadamanthys, and Redline, all known for credential harvesting. The targeted services include account creation and login endpoints, suggesting a focus on account takeover or credential stuffing attacks. The data originates predominantly from the United States, Brazil, and Mexico. Given the high volume of historical data breaches and active infostealer activity targeting client and employee accounts, this exposure presents a critical risk. The prevalence of infostealers and credential-harvesting malware, coupled with the targeting of authentication services, indicates a high likelihood of account compromise and potential for further downstream impacts such as financial fraud or identity theft. Prioritization should focus on immediate remediation of identified vulnerabilities, enhanced credential security measures, and comprehensive monitoring for signs of account takeover and data exfiltration.

Total Events

3,150,308
credential exposure events

Employee Affected Events

117,413
account email domain = nike.com

Client Affected Events

3,032,895
service target = nike.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
800,000533,333266,6670
peak month 769,859
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events467,789
Share15%
Data breaches
Events2,682,519
Share85%
Infostealer logs (15%)
467,789events
Data breaches (85%)
2,682,519events

117,413 compromised employee accounts pose an infrastructure risk, while 3,032,895 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender5,531
Windows Defender.272
Windows Defender McAfee119
Windows Defender ESET Security96
Malwarebytes87
Avast79
McAfee77
Windows Defender McAfee VirusScan70
McAfee VirusScan60

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC277,645
Rhadamanthys68,614
Redline65,931
Acreed35,609
Vidar32,875
StealC7,860
RisePro4,525
Millenium4,376
Remus3,403

Top Login URLs

Top exposed services found in the event results

  1. 1https://accounts.nike.com/join243,026
  2. 2nike.com147,574
  3. 3accounts.nike.com/join130,206
  4. 4https://accounts.nike.com128,099
  5. 5accounts.nike.com124,662
  6. 6https://accounts.nike.com/challenge123,284
  7. 7https://nike.com109,095
  8. 8https://unite.nike.com/101,820
  9. 9https://accounts.nike.com/lookup92,137
  10. 10https://www.nike.com85,001

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events33,970
Brazil
Events27,849
Mexico
Events23,252
France
Events18,854
Spain
Events15,453
India
Events15,286
Italy
Events13,739
Philippines
Events13,202

Country Breakdown

  1. 1United States33,970
  2. 2Brazil27,849
  3. 3Mexico23,252
  4. 4France18,854
  5. 5Spain15,453
  6. 6India15,286
  7. 7Italy13,739
  8. 8Philippines13,202

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Okta1,764
Microsoft230
Citrix212
Git45
Jira (Atlassian)33
Microsoft Entra ID (External ID / B2C)30
Pulse Secure24

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1139,532
Windows 11 24H2 build 26100 (64 Bit)31,207
Windows 10 Enterprise x6423,327
Windows 10 22H2 build 19045 (64 Bit)22,821
Windows 10 Home x6416,959

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
2,613,970
Combolist pools
68,549
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.