Back

saic.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting saic.com, with a total of 79,306 recorded events over the period from July 2025 to June 2026. The majority of these events, 78,522 (99%), are classified as historical data breaches, while 784 (1%) are active infostealer logs. The timeline shows a sharp increase in employee-related events in September 2025 and January 2026, with 8,243 and 54,487 events respectively, alongside substantial client-related events in September 2025 (1,090) and March 2026 (1,170). Malware analysis reveals Redline, LummaC2, and Rhadamanthys as the most prevalent families, often associated with credential theft. Targeted services include the main saic.com domain, job portals, and authentication services like ADFS, suggesting potential compromise of employee and client access. Geographically, Thailand and the United States show the highest number of associated events. The data originates from combolist sources and database dumps, indicating a high likelihood of credential stuffing and data exfiltration.

Total Events

79,306
credential exposure events

Employee Affected Events

74,388
account email domain = saic.com

Client Affected Events

4,918
service target = saic.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
60,00040,00020,0000
peak month 54,487
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events784
Share1%
Data breaches
Events78,522
Share99%
Infostealer logs (1%)
784events
Data breaches (99%)
78,522events

74,388 compromised employee accounts pose an infrastructure risk, while 4,918 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender10
Windows Defender.6

Malware Families Distribution

Distribution of Active Stealer Strains

Redline215
LummaC2138
Rhadamanthys62
Acreed55
X-Files30
Vidar27
RisePro24
StealC23
Millenium14

Top Login URLs

Top exposed services found in the event results

  1. 1saic.com722
  2. 2android://OX8pfPfWC4Eef9r2i_1tf6mXeujOj-9FsxgJcVox9wpdszp9oWvM8BhDKS5rdbmdR5EIx3XVshAFpnkLIsJq2A==@com.saic.roewe.iov/668
  3. 3https://jobs.saic.com306
  4. 4jobs.saic.com282
  5. 5https://fs.saic.com/adfs/ls125
  6. 6https://jobs.saic.com/talentcommunity/login/118
  7. 7jobs.saic.com/talentcommunity/login/114
  8. 8fs.saic.com/adfs/ls112
  9. 9fs.saic.com86
  10. 10https://fs.saic.com81

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Thailand
Events286
United States
Events170
Qatar
Events13
India
Events12
South Korea
Events6
Brazil
Events6
Venezuela
Events5
Mexico
Events5

Country Breakdown

  1. 1Thailand286
  2. 2United States170
  3. 3Qatar13
  4. 4India12
  5. 5South Korea6
  6. 6Brazil6
  7. 7Venezuela5
  8. 8Mexico5

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft311
Auth03

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11111
Windows 10 Home x6497
Windows 10 Enterprise x6474
Windows 10 Pro (10.0.19045) x6435
Windows 10 22H2 build 19045 (64 Bit)30

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
14,346
Combolist pools
64,176
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.