Back

pfizer.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting pfizer.com, with a risk score of 100. Over the period from July 2025 to June 2026, there were 182,746 total events, overwhelmingly comprising 179,622 historical data breaches (98.3%) and 3,124 active infostealer logs (1.7%). The data breaches suggest a large-scale compromise of sensitive information, while the infostealer activity points to ongoing credential harvesting. The timeline shows a sharp increase in employee-related events in January 2026, coinciding with a surge in client-related events in March 2026, indicating potential widespread impact across both user groups. The primary malware families associated with infostealer activity are Redline (64.7%), Rhadamanthys (5.5%), and LummaC2 (5%), all known for their ability to exfiltrate credentials and sensitive data from compromised systems. Targeted services include the main pfizer.com domain and its associated job portals, suggesting a focus on employee and potentially applicant data. The majority of data appears to originate from "Database dumps" (64.5%) and "Combolist sources" (35.5%), indicating compromised credentials and potentially large-scale data exfiltration. Given the high risk score and the nature of the events, this exposure requires immediate attention. The prevalence of historical data breaches and active infostealer logs, particularly those targeting employee and client-related services, suggests a high likelihood of compromised credentials and sensitive data. Prioritization should focus on incident response, including thorough investigation of the data breaches and infostealer activity, identification of compromised accounts and data, and implementation of robust credential hygiene measures. Remediation efforts should concentrate on securing affected systems, revoking compromised credentials, enhancing monitoring for further suspicious activity, and reinforcing security awareness training for employees to mitigate the risk of credential compromise and further data exfiltration.

Total Events

182,746
credential exposure events

Employee Affected Events

170,627
account email domain = pfizer.com

Client Affected Events

12,119
service target = pfizer.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
100,00066,66733,3330
peak month 86,555
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events3,124
Share2%
Data breaches
Events179,622
Share98%
Infostealer logs (2%)
3,124events
Data breaches (98%)
179,622events

170,627 compromised employee accounts pose an infrastructure risk, while 12,119 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender28
Windows Defender Kaspersky Total Security4
Bitdefender2
Avira2
Kaspersky2

Malware Families Distribution

Distribution of Active Stealer Strains

Redline2,021
Rhadamanthys172
LummaC2157
Acreed133
Vidar37
RisePro35
StealC16
Raccoon10
X-Files8

Top Login URLs

Top exposed services found in the event results

  1. 1pfizer.com3,690
  2. 2https://globaljobs.pfizer.com/pages/login.aspx854
  3. 3globaljobs.pfizer.com/pages/login.aspx548
  4. 4https://globaljobs.pfizer.com343
  5. 5globaljobs.pfizer.com329
  6. 6https://prodfederate.pfizer.com136
  7. 7prodfederate.pfizer.com133
  8. 8https://jobs.pfizer.com/psc/recruit/EMPLOYEE/HRMS/c/LSYS_DEVELOPMENT.Z_PFIZER_JOBS.GBL109
  9. 9jobs.pfizer.com102
  10. 10https://logonsso.pfizer.com/IAMCentralAuthn/Form/IAMCentralLogin.aspx100

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events565
Netherlands
Events448
Germany
Events365
Denmark
Events163
India
Events161
Egypt
Events94
United Kingdom
Events67
Poland
Events55

Country Breakdown

  1. 1United States565
  2. 2Netherlands448
  3. 3Germany365
  4. 4Denmark163
  5. 5India161
  6. 6Egypt94
  7. 7United Kingdom67
  8. 8Poland55

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Pulse Secure242
Citrix54
Cisco (AnyConnect)26
Microsoft Entra ID (External ID / B2C)24
Git24
Jira (Atlassian)24
Microsoft21

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Enterprise x64158
Windows Server 2012 R2 x32146
Windows 10 Home x32134
Windows 7 x32133
Windows 8 x32130

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
63,705
Combolist pools
115,917
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.