Back

solventum.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain solventum.com has experienced a significant number of historical data breaches (663) and active infostealer logs (158) over the past year, indicating a substantial exposure of sensitive information. The timeline shows a sharp increase in employee and client-related events starting in late 2025 and peaking in early 2026, with a notable surge in March 2026. Malware families such as Vidar, Rhadamanthys, and LummaC2 are prevalent, often associated with infostealer activities. The data suggests that 84.3% of the exposure originates from database dumps and 15.7% from combolist sources, impacting both employees and clients. The primary affected operating systems are Windows 11 and Windows 10 variants, with a small percentage of Windows Defender detections.

Total Events

821
credential exposure events

Employee Affected Events

622
account email domain = solventum.com

Client Affected Events

199
service target = solventum.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
250167830
peak month 241
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events158
Share19%
Data breaches
Events663
Share81%
Infostealer logs (19%)
158events
Data breaches (81%)
663events

622 compromised employee accounts pose an infrastructure risk, while 199 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender3

Malware Families Distribution

Distribution of Active Stealer Strains

Vidar72
Rhadamanthys18
LummaC216
Millenium8
Acreed6
StealC2
Redline2
Cthulhu2
Remus1

Top Login URLs

Top exposed services found in the event results

  1. 1https://occidentityserver-sl1-staging.ocsd.solventum.com/core/login45
  2. 2https://occidentityserverdemo.ocsd.solventum.com/core/login44
  3. 3https://auth.occ.solventum.com/core/login43
  4. 4https://order.solventum.com/store/user/login14
  5. 5https://order.solventum.com/store/bComHCUSSite/en_US/registrationPage10
  6. 6order.solventum.com/store/user/login8
  7. 7order.solventum.com6
  8. 8https://order.solventum.com6
  9. 9occidentityserver-sl1-staging.ocsd.solventum.com/core/login5
  10. 10order.solventum.com/store/bComHCUSSite/en_US/registrationPage4

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events27
United States
Events20
Bangladesh
Events12
Finland
Events12
Canada
Events9
Egypt
Events3
Morocco
Events3

Country Breakdown

  1. 1India27
  2. 2United States20
  3. 3Bangladesh12
  4. 4Finland12
  5. 5Canada9
  6. 6Togo3
  7. 7Egypt3
  8. 8Morocco3

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 Home Single Language24
Windows 11 Pro18
Windows 10 Pro15
Windows 1114
Windows 10/1112

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
104
Combolist pools
559
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.