Back

sony.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting sony.com, with over 10 million total events logged between July 2025 and June 2026. The majority of these events, approximately 80%, are classified as historical data breaches, while the remaining 20% are active infostealer logs. This suggests a persistent threat landscape where both past compromises and ongoing credential harvesting are prevalent. The exposure primarily affects clients, with over 10 million client-related events, and a smaller but notable number of employee-related events (22,453). Key targeted services include various login portals for sony.com accounts, indicating a focus on account takeover and credential stuffing. The data also highlights the prevalence of infostealer malware families such as Rhadamanthys, LummaC2, and Redline, which are commonly used to exfiltrate credentials and sensitive information. The geographical distribution shows a concentration of affected users in the United States, Brazil, and France. The leak repository classification indicates that a vast majority of the exposed data originates from combolist sources, suggesting large-scale credential stuffing attacks leveraging previously breached credentials.

Total Events

10,084,021
credential exposure events

Employee Affected Events

22,453
account email domain = sony.com

Client Affected Events

10,061,568
service target = sony.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
2,500,0001,666,667833,3330
peak month 2,251,609
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,075,568
Share21%
Data breaches
Events8,008,453
Share79%
Infostealer logs (21%)
2,075,568events
Data breaches (79%)
8,008,453events

22,453 compromised employee accounts pose an infrastructure risk, while 10,061,568 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender15,869
Windows Defender.719
Malwarebytes378
Avast365
Windows Defender [ON]205
Reason Cybersecurity201
Avast AVG154
McAfee115
Avast Norton105

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys378,076
LummaC2350,859
Redline305,673
Vidar142,965
Acreed130,498
RisePro31,437
StealC29,534
Millenium15,083
Remus13,559

Top Login URLs

Top exposed services found in the event results

  1. 1https://my.account.sony.com/central/signin/2,024,583
  2. 2my.account.sony.com/central/signin/1,268,123
  3. 3https://my.account.sony.com1,193,509
  4. 4my.account.sony.com1,152,587
  5. 5https://my.account.sony.com/sonyacct/signin/1,098,075
  6. 6https://my.account.sony.com/767,018
  7. 7my.account.sony.com/sonyacct/signin/450,980
  8. 8my.account.sony.com/central/signin435,571
  9. 9my.account.sony.com/412,746
  10. 10https://my.account.sony.com/central/signin395,294

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events209,033
Brazil
Events101,869
France
Events73,433
Spain
Events53,221
Germany
Events47,711
Argentina
Events47,531
Saudi Arabia
Events43,663
United Kingdom
Events38,989

Country Breakdown

  1. 1United States209,033
  2. 2Brazil101,869
  3. 3France73,433
  4. 4Spain53,221
  5. 5Germany47,711
  6. 6Argentina47,531
  7. 7Saudi Arabia43,663
  8. 8United Kingdom38,989

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft910
Microsoft Entra ID (External ID / B2C)23
Salesforce20
Jira (Atlassian)18
Citrix16
WordPress12
Cisco (AnyConnect)10

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 24H2 build 26100 (64 Bit)169,601
Windows 11142,173
Windows 10 22H2 build 19045 (64 Bit)113,803
Windows 10 Enterprise x64113,289
Windows 10 Home x6472,036

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
7,985,476
Combolist pools
22,977
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.