Back

sparknotes.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting sparknotes.com, with a high risk score of 84. The primary concern stems from over 10,000 historical data breaches, predominantly originating from combolist sources, affecting approximately 12,347 clients. Additionally, there are over 2,200 active infostealer logs, with Rhadamanthys and LummaC2 being the most prevalent malware families observed. The timeline shows a notable increase in employee and client-related events in March and April 2026, suggesting a period of heightened compromise. The majority of affected systems are running various versions of Windows 11 and Windows 10, with the United States and India being the most frequently observed geographies.

Total Events

12,443
credential exposure events

Employee Affected Events

96
account email domain = sparknotes.com

Client Affected Events

12,347
service target = sparknotes.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
4,0002,6671,3330
peak month 3,454
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,218
Share18%
Data breaches
Events10,225
Share82%
Infostealer logs (18%)
2,218events
Data breaches (82%)
10,225events

96 compromised employee accounts pose an infrastructure risk, while 12,347 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender89
Avast1
Kaspersky1

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys352
LummaC2337
Redline195
Vidar179
Acreed151
StealC23
RisePro19
Millenium18
Remus14

Top Login URLs

Top exposed services found in the event results

  1. 1sparknotes.com1,315
  2. 2https://sparknotes.com930
  3. 3https://www.sparknotes.com/912
  4. 4https://www.sparknotes.com686
  5. 5www.sparknotes.com674
  6. 6https://www.sparknotes.com/account/signup436
  7. 7sparknotes.com/398
  8. 8sparknotes.com/account/signup385
  9. 9www.sparknotes.com/336
  10. 10www.sparknotes.com/account/signup206

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events316
India
Events261
Pakistan
Events64
Canada
Events55
Bangladesh
Events47
Iraq
Events45
Australia
Events39
Egypt
Events38

Country Breakdown

  1. 1United States316
  2. 2India261
  3. 3Pakistan64
  4. 4Canada55
  5. 5Bangladesh47
  6. 6Iraq45
  7. 7Australia39
  8. 8Egypt38

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 24H2 build 26100 (64 Bit)207
Windows 11196
Windows 10 Pro (10.0.19045) x6497
Windows 11 Home Single Language 25H2 (Build 26200)92
Windows 10 Pro88

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
10,205
Combolist pools
20
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.