Back

questdiagnostics.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure for Quest Diagnostics, with over 158,000 events logged between July 2025 and June 2026. The majority of these events, approximately 83%, are classified as historical data breaches, affecting a substantial number of clients and employees. Additionally, 17% of the events are active infostealer logs, suggesting ongoing compromise and data exfiltration. The timeline shows a notable surge in employee and client-related events in January 2026, and a consistent rise in client events from March to June 2026, indicating a prolonged period of heightened risk. The high volume of historical data breaches and active infostealer logs, coupled with the prevalence of malware families like Redline, Rhadamanthys, and LummaC2, points to a critical security posture. The targeted services include authentication and account creation portals, indicating potential credential harvesting. The leak repository classification shows a heavy reliance on combolist sources and database dumps, suggesting that credentials and sensitive information may have been exposed through various illicit channels. Prioritization should focus on immediate incident response to contain active threats, comprehensive forensic analysis of historical breaches, and robust credential management and security awareness training for employees and clients.

Total Events

158,079
credential exposure events

Employee Affected Events

56,658
account email domain = questdiagnostics.com

Client Affected Events

101,421
service target = questdiagnostics.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
25,00016,6678,3330
peak month 23,860
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events26,888
Share17%
Data breaches
Events131,191
Share83%
Infostealer logs (17%)
26,888events
Data breaches (83%)
131,191events

56,658 compromised employee accounts pose an infrastructure risk, while 101,421 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender624
Avast Antivirus22
Webroot SecureAnywhere12
Windows Defender Trend Micro Security Agent10
Avast Norton8
Windows Defender PC Matic Super Shield7
McAfee7
McAfee VirusScan6
Windows Defender Reason Cybersecurity6

Malware Families Distribution

Distribution of Active Stealer Strains

Redline4,391
Rhadamanthys3,816
LummaC22,988
Acreed2,580
Vidar1,289
X-Files1,044
Millenium357
RisePro159
Remus130

Top Login URLs

Top exposed services found in the event results

  1. 1https://auth-mq.questdiagnostics.com/cas/login13,118
  2. 2https://myquest.questdiagnostics.com/web/create-account9,617
  3. 3auth-mq.questdiagnostics.com/cas/login5,987
  4. 4myquest.questdiagnostics.com/web/create-account5,241
  5. 5https://myquest.questdiagnostics.com5,136
  6. 6myquest.questdiagnostics.com4,653
  7. 7https://auth-mq.questdiagnostics.com3,558
  8. 8https://secure.questdiagnostics.com2,957
  9. 9auth-mq.questdiagnostics.com2,944
  10. 10secure.questdiagnostics.com2,673

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events13,445
Netherlands
Events449
Germany
Events385
India
Events215
Denmark
Events192
Philippines
Events181
Venezuela
Events151
Pakistan
Events134

Country Breakdown

  1. 1United States13,445
  2. 2Netherlands449
  3. 3Germany385
  4. 4India215
  5. 5Denmark192
  6. 6Philippines181
  7. 7Venezuela151
  8. 8Pakistan134

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft81
Citrix49
Pulse Secure30
FortiNet VPN20
Cisco (AnyConnect)20
Salesforce17
Git12

Operating System Distribution

Distribution of compromised endpoint builds

Windows 113,751
Windows 11 24H2 build 26100 (64 Bit)2,055
Windows 10 Home x641,229
Windows 10 22H2 build 19045 (64 Bit)1,030
Windows 10997

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
107,568
Combolist pools
23,623
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.