Back

scottrade.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event affecting scottrade.com, with 17,711 historical data breaches and 1,647 active infostealer logs observed over the reporting period. The majority of these events are linked to "Combolist sources" (81.6%) and "Database dumps" (18.4%), suggesting credential stuffing or data aggregation from previous breaches. A notable surge in employee and client-related events occurred in January 2026, coinciding with a high volume of infostealer activity. Malware families such as Redline, LummaC2, Acreed, and Rhadamanthys are prevalent, indicating active compromise and data exfiltration attempts. Given the high volume of historical data breaches and active infostealer logs, this situation presents a critical risk. The primary focus should be on immediate incident response to contain ongoing compromises, followed by a comprehensive review of authentication mechanisms and data protection policies. Remediation efforts should prioritize identifying the root cause of the data breaches and infostealer activity, strengthening defenses against credential stuffing, and ensuring all affected employee and client data is secured and accounted for.

Total Events

19,358
credential exposure events

Employee Affected Events

3,357
account email domain = scottrade.com

Client Affected Events

16,001
service target = scottrade.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
4,0002,6671,3330
peak month 3,919
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,647
Share9%
Data breaches
Events17,711
Share92%
Infostealer logs (9%)
1,647events
Data breaches (92%)
17,711events

3,357 compromised employee accounts pose an infrastructure risk, while 16,001 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender46
Windows Defender ESET Security4

Malware Families Distribution

Distribution of Active Stealer Strains

Redline254
LummaC2202
Acreed194
Rhadamanthys192
Vidar41
X-Files25
Millenium16
Raccoon11
RisePro10

Top Login URLs

Top exposed services found in the event results

  1. 1https://trading.scottrade.com1,579
  2. 2https://trading.scottrade.com/default.aspx1,552
  3. 3trading.scottrade.com/default.aspx1,509
  4. 4trading.scottrade.com1,468
  5. 5https://trading.scottrade.com/Default.aspx896
  6. 6https://trading.scottrade.com/838
  7. 7scottrade.com743
  8. 8trading.scottrade.com/727
  9. 9trading.scottrade.com/Default.aspx698
  10. 10https://www.scottrade.com/641

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events751
Taiwan
Events50
India
Events18
Canada
Events17
Singapore
Events16
Pakistan
Events14
Indonesia
Events9

Country Breakdown

  1. 1United States751
  2. 2Taiwan50
  3. 3India18
  4. 4Canada17
  5. 5Singapore16
  6. 6Pakistan14
  7. 7Indonesia9
  8. 8Martinique6

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Pulse Secure1

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11209
Windows 11 24H2 build 26100 (64 Bit)163
Windows 10 Enterprise x64143
Windows 1055
Windows 10 Home x6449

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
14,444
Combolist pools
3,267
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.