Back

raspberrypi.org Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure related to the raspberrypi.org domain, with a high risk score of 91. The primary concern stems from a large volume of historical data breaches (25,911 events) and active infostealer logs (4,149 events) over the observed period. These events predominantly originate from "Combolist sources" within leak repositories, suggesting compromised credentials. The timeline shows a notable increase in employee and client-related events from September 2025 onwards, peaking in April 2026. Malware families like LummaC2, Rhadamanthys, and Redline are frequently observed. The high number of data breaches and infostealer activity, particularly linked to credential stuffing or account takeover attempts targeting services like the Raspberry Pi forums and signup pages, poses a substantial risk. The prevalence of Windows operating systems in the telemetry suggests a focus on Windows-based endpoints. Prioritization should focus on credential hygiene, multi-factor authentication enforcement, and monitoring for unauthorized access attempts across affected services and user accounts.

Total Events

30,060
credential exposure events

Employee Affected Events

166
account email domain = raspberrypi.org

Client Affected Events

29,894
service target = raspberrypi.org

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
8,0005,3332,6670
peak month 7,364
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events4,149
Share14%
Data breaches
Events25,911
Share86%
Infostealer logs (14%)
4,149events
Data breaches (86%)
25,911events

166 compromised employee accounts pose an infrastructure risk, while 29,894 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender125
Windows Defender Norton Security6
Malwarebytes4
Windows Defender.2

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC2754
Rhadamanthys550
Redline514
Acreed353
Vidar262
RisePro69
Millenium67
StealC49
Remus41

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.raspberrypi.org/forums/ucp.php3,141
  2. 2raspberrypi.org/forums/ucp.php2,837
  3. 3https://my.raspberrypi.org/signup/13-plus2,796
  4. 4raspberrypi.org2,060
  5. 5https://my.raspberrypi.org1,680
  6. 6www.raspberrypi.org/forums/ucp.php1,597
  7. 7my.raspberrypi.org1,528
  8. 8my.raspberrypi.org/signup/13-plus1,416
  9. 9https://raspberrypi.org1,381
  10. 10https://www.raspberrypi.org1,375

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events296
United Kingdom
Events227
India
Events162
South Africa
Events122
Romania
Events118
Italy
Events98
Egypt
Events89
France
Events87

Country Breakdown

  1. 1United States296
  2. 2United Kingdom227
  3. 3India162
  4. 4South Africa122
  5. 5Romania118
  6. 6Italy98
  7. 7Egypt89
  8. 8France87

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

WordPress2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11496
Windows 11 24H2 build 26100 (64 Bit)248
Windows 10 Enterprise x64204
Windows 10 22H2 build 19045 (64 Bit)176
Windows 10 Pro (10.0.19045) x64142

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
25,859
Combolist pools
52
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.