Back

pvh.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event for pvh.com, with 47,237 historical data breaches and 2,036 active infostealer logs observed over the reporting period. The majority of infostealer activity is attributed to the Redline malware family, accounting for 88.4% of identified malware. Employee and client data appear to be the primary targets, with 47,755 employee-related events and 1,518 client-related events. The data breaches and infostealer logs originate from various sources, including combolist sources (76.2%) and database dumps (23.8%). The high volume of historical data breaches and active infostealer logs, particularly those targeting employee credentials, presents a critical risk. The prevalence of Redline malware suggests a focus on credential harvesting. Remediation efforts should prioritize securing authentication mechanisms, investigating the source of the combolists and database dumps, and enhancing endpoint detection and response capabilities to mitigate further credential compromise and data exfiltration.

Total Events

49,273
credential exposure events

Employee Affected Events

47,755
account email domain = pvh.com

Client Affected Events

1,518
service target = pvh.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
15,00010,0005,0000
peak month 13,033
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,036
Share4%
Data breaches
Events47,237
Share96%
Infostealer logs (4%)
2,036events
Data breaches (96%)
47,237events

47,755 compromised employee accounts pose an infrastructure risk, while 1,518 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender15
Windows Defender Avast Antivirus4
Kaspersky2
Bitdefender1
Windows Defender ESET Security1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,800
LummaC255
Acreed22
Millenium10
Vidar10
Rhadamanthys7
Blank Grabber4
Raccoon2
StealC1

Top Login URLs

Top exposed services found in the event results

  1. 1pvh.com606
  2. 2https://fs.pvh.com/adfs/ls/163
  3. 3fs.pvh.com/adfs/ls/91
  4. 4https://fs.pvh.com77
  5. 5fs.pvh.com72
  6. 6https://fs.pvh.com/57
  7. 7fs.pvh.com/47
  8. 8https://fs.pvh.com/adfs/portal/updatepassword38
  9. 9fs.pvh.com/adfs/ls34
  10. 10https://fs.pvh.com/adfs/ls27

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events464
Netherlands
Events403
Germany
Events369
Denmark
Events166
United Kingdom
Events52
Türkiye
Events37
Switzerland
Events30
France
Events29

Country Breakdown

  1. 1United States464
  2. 2Netherlands403
  3. 3Germany369
  4. 4Denmark166
  5. 5United Kingdom52
  6. 6Türkiye37
  7. 7Switzerland30
  8. 8France29

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft386
Pulse Secure61
Citrix52
Cisco (AnyConnect)35
Git28
FortiNet VPN25
F513

Operating System Distribution

Distribution of compromised endpoint builds

Windows Server 2008 R2 x32151
Windows 8.1 x32134
Windows Server 2003 R2 x32131
Windows 10 Home x32131
Windows Server 2019 x32129

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
35,987
Combolist pools
11,250
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.