Back

progressive.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of client and employee data, with 399,401 historical data breaches and 66,167 active infostealer logs observed over the reporting period. The majority of these events are linked to "Combolist sources" within leak repositories, suggesting credential stuffing or account takeover attempts. Malware families such as Rhadamanthys, Redline, and LummaC2 are prevalent, often targeting login services for progressive.com. The timeline shows a notable surge in client-related events during March 2026, alongside a substantial increase in employee-related events in January 2026. Given the high volume of data breach and infostealer events, this exposure presents a critical risk. The focus should be on immediate remediation of identified vulnerabilities, particularly those affecting login portals and user account management. Prioritizing the investigation of the malware families and their associated command-and-control infrastructure is essential to disrupt ongoing attacks and prevent further compromise of sensitive client and employee information.

Total Events

465,568
credential exposure events

Employee Affected Events

85,399
account email domain = progressive.com

Client Affected Events

380,169
service target = progressive.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
120,00080,00040,0000
peak month 101,662
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events66,167
Share14%
Data breaches
Events399,401
Share86%
Infostealer logs (14%)
66,167events
Data breaches (86%)
399,401events

85,399 compromised employee accounts pose an infrastructure risk, while 380,169 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender1,133
McAfee95
Windows Defender McAfee36
Windows Defender.27
McAfee VirusScan22
Windows Defender McAfee VirusScan17
Webroot SecureAnywhere16
Windows Defender Kaspersky.6
Windows Defender Trend Micro Security Agent6

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys10,771
Redline9,037
LummaC28,126
Acreed6,186
Vidar3,582
X-Files1,699
Millenium1,036
RisePro548
Blank Grabber413

Top Login URLs

Top exposed services found in the event results

  1. 1https://account.apps.progressive.com/access/login36,853
  2. 2account.progressive.com24,735
  3. 3https://account.progressive.com/access/login24,381
  4. 4https://account.progressive.com23,914
  5. 5account.apps.progressive.com/access/login23,018
  6. 6https://account.apps.progressive.com21,063
  7. 7account.progressive.com/access/login20,088
  8. 8account.apps.progressive.com19,272
  9. 9https://account.apps.progressive.com/access/register/create-credentials18,753
  10. 10account.apps.progressive.com/access/register/create-credentials10,512

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events35,566
Netherlands
Events453
Germany
Events430
Venezuela
Events351
Algeria
Events318
Canada
Events314
India
Events259
Indonesia
Events232

Country Breakdown

  1. 1United States35,566
  2. 2Netherlands453
  3. 3Germany430
  4. 4Venezuela351
  5. 5Algeria318
  6. 6Canada314
  7. 7India259
  8. 8Indonesia232

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix48
Cisco (AnyConnect)37
Microsoft26
Git22
Pulse Secure22
FortiNet VPN11
WordPress4

Operating System Distribution

Distribution of compromised endpoint builds

Windows 118,110
Windows 11 24H2 build 26100 (64 Bit)5,900
Windows 10 Home x643,258
Windows 10 22H2 build 19045 (64 Bit)2,968
Windows 10 Enterprise x642,478

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
355,477
Combolist pools
43,924
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.