Back

ovintiv.com Domain Breach Exposure Report

Risk Score

High Risk

Critical asset booster applied - enterprise VPN / gateway credentials exposed.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting ovintiv.com, with 638 historical data breaches and 1 active infostealer log detected over the reporting period. The majority of the exposure (99.8%) stems from historical data breaches, with a smaller percentage (0.2%) attributed to active infostealer activity. A substantial number of employee accounts (635) and a smaller number of client accounts (4) appear to be affected. The timeline shows a surge in employee-related events in January 2026, with continued activity through June 2026, including a recent increase in client-related events in May and June 2026. This situation presents a high-risk scenario due to the sheer volume of historical data breaches and the presence of active infostealer logs, suggesting potential for ongoing compromise and data exfiltration. The critical asset booster being active further elevates the perceived risk. Remediation efforts should focus on investigating the root cause of the historical data breaches, securing the Pulse Secure VPN service which was targeted, and actively monitoring for and mitigating further infostealer activity. A thorough review of employee and client account security, including credential resets and multi-factor authentication enforcement, is also critical.

Total Events

639
credential exposure events

Employee Affected Events

635
account email domain = ovintiv.com

Client Affected Events

4
service target = ovintiv.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
5003331670
peak month 479
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1
Share0%
Data breaches
Events638
Share100%
Infostealer logs (0%)
1events
Data breaches (100%)
638events

635 compromised employee accounts pose an infrastructure risk, while 4 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

No Data Available

Malware Families Distribution

Distribution of Active Stealer Strains

No Data Available

Top Login URLs

Top exposed services found in the event results

  1. 1https://vpn.ovintiv.com/dana-na/auth/url_WBYEk3PHRIt6sNQJ/welcome.cgi2
  2. 2vpn.ovintiv.com/dana-na/auth/url_WBYEk3PHRIt6sNQJ/welcome.cgi2

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Country Breakdown

No Data Available

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Pulse Secure4

Operating System Distribution

Distribution of compromised endpoint builds

-
Total

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
11
Combolist pools
627
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.