Back

nikkeibp.co.jp Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain nikkeibp.co.jp has experienced a high volume of data breaches and infostealer activity over the past year, with a significant portion of events originating from "Combolist sources." The timeline indicates a surge in client-related data breaches starting in March 2026, alongside a notable increase in employee-related breaches in September 2025 and January 2026. Malware families such as LummaC2, Rhadamanthys, and Redline are prevalent, suggesting active credential harvesting and data exfiltration campaigns targeting the organization's clients and employees. This exposure presents a critical risk due to the sheer volume of historical data breaches and ongoing infostealer activity, impacting over 6,000 clients and 1,000 employees. The prevalence of credential stuffing and data dumps indicates a high likelihood of compromised credentials being used in further attacks. Remediation should focus on strengthening authentication mechanisms, particularly for client-facing services like signon.nikkeibp.co.jp and medical.nikkeibp.co.jp, implementing robust endpoint security to detect and block infostealer malware, and conducting thorough investigations into the identified data breaches to understand the scope of compromised data and affected individuals.

Total Events

7,090
credential exposure events

Employee Affected Events

1,026
account email domain = nikkeibp.co.jp

Client Affected Events

6,064
service target = nikkeibp.co.jp

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
2,0001,3336670
peak month 1,612
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,023
Share14%
Data breaches
Events6,067
Share86%
Infostealer logs (14%)
1,023events
Data breaches (86%)
6,067events

1,026 compromised employee accounts pose an infrastructure risk, while 6,064 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender36
Windows Defender マカフィー ウイルススキャン11
ESET6
Windows Defender [ON]1
Windows Defender マカフィー ウイルススキャン ESET Security1
Windows Defender ESET Security1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC2122
Rhadamanthys90
Redline87
Acreed44
Vidar20
Cthulhu18
RisePro16
DarkCrystal15
Remus12

Top Login URLs

Top exposed services found in the event results

  1. 1https://signon.nikkeibp.co.jp334
  2. 2https://signon.nikkeibp.co.jp/front/login/312
  3. 3signon.nikkeibp.co.jp279
  4. 4https://medical.nikkeibp.co.jp240
  5. 5medical.nikkeibp.co.jp208
  6. 6signon.nikkeibp.co.jp/front/login/200
  7. 7https://signon.nikkeibp.co.jp/181
  8. 8signon.nikkeibp.co.jp/108
  9. 9https://medical.nikkeibp.co.jp/94
  10. 10https://medical.nikkeibp.co.jp/auth/login/login88

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Japan
Events395
United States
Events27
Taiwan
Events23
South Korea
Events16
India
Events13
Germany
Events9
United Kingdom
Events8
Indonesia
Events7

Country Breakdown

  1. 1Japan395
  2. 2United States27
  3. 3Taiwan23
  4. 4South Korea16
  5. 5India13
  6. 6Germany9
  7. 7United Kingdom8
  8. 8Indonesia7

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11100
Windows 11 24H2 build 26100 (64 Bit)49
Windows 10 22H2 build 19045 (64 Bit)36
Windows 10 Pro (10.0.19045) x6426
Windows 10 Enterprise x6424

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
5,687
Combolist pools
380
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.