Back

ryder.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting ryder.com, with over 63,000 total events recorded between July 2025 and June 2026. The majority of these events (96.2%) are historical data breaches, with a substantial number of active infostealer logs (3.8%) also detected. Employee data is heavily affected, with over 60,000 employee-related events, and client data is also compromised with over 3,000 client-related events. The primary malware families observed are Redline, Rhadamanthys, and LummaC2, all known for credential and information theft. The exposure is geographically concentrated in the United States, Netherlands, and Germany. The high volume of historical data breaches and active infostealer logs, coupled with the targeting of services like ADFS and LMS, suggests a critical risk of further credential compromise and potential unauthorized access. The prevalence of older, vulnerable operating systems like Windows Vista and Windows 7, alongside the presence of combolist sources and database dumps, indicates a need for immediate remediation focused on credential hygiene, multi-factor authentication enforcement, and patching of legacy systems. Prioritization should be given to securing authentication services and mitigating the impact of infostealer malware.

Total Events

63,462
credential exposure events

Employee Affected Events

60,311
account email domain = ryder.com

Client Affected Events

3,151
service target = ryder.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
25,00016,6678,3330
peak month 22,264
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,385
Share4%
Data breaches
Events61,077
Share96%
Infostealer logs (4%)
2,385events
Data breaches (96%)
61,077events

60,311 compromised employee accounts pose an infrastructure risk, while 3,151 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Webroot SecureAnywhere10
Bitdefender1
Avira1
Kaspersky1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,832
Rhadamanthys187
LummaC2125
Vidar36
Acreed11
Aurora8
Blank Grabber6
StealC4
X-Files4

Top Login URLs

Top exposed services found in the event results

  1. 1ryder.com919
  2. 2https://fs.ryder.com/adfs/ls/75
  3. 3https://lms.ryder.com/LMS/DesktopModules/Secure/SslLogon.aspx73
  4. 4https://fs.ryder.com/67
  5. 5https://newsaml.ryder.com52
  6. 6fs.ryder.com/adfs/ls/50
  7. 7fs.ryder.com47
  8. 8newsaml.ryder.com47
  9. 9https://fs.ryder.com44
  10. 10https://ryderonline.ryder.com43

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events727
Netherlands
Events431
Germany
Events369
Denmark
Events145
Mexico
Events50
United Kingdom
Events48
India
Events34

Country Breakdown

  1. 1United States727
  2. 2Netherlands431
  3. 3Germany369
  4. 4Denmark145
  5. 5Mexico50
  6. 6United Kingdom48
  7. 7Luxembourg45
  8. 8India34

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft184
Citrix77
Okta30
Cisco (AnyConnect)30
Pulse Secure17
FortiNet VPN11
Git8

Operating System Distribution

Distribution of compromised endpoint builds

Windows Vista x32155
Windows 7 x32134
Windows 10 Home x32131
Windows Server 2003 R2 x32130
Windows Server 2012 x32126

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
38,139
Combolist pools
22,938
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.