Back

stanleyblackanddecker.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of employee credentials, with 38,683 employee events and 37,737 historical data breaches observed over the reporting period. Infostealer activity is also notable, with 1,824 events, primarily associated with the Redline malware family. The majority of these events originate from combolist sources and database dumps, suggesting credential stuffing or account takeover attempts targeting employee accounts. The timeline shows a surge in employee-related events in September 2025 and January 2026, coinciding with increased infostealer activity. The affected services include internal portals like ucentral and employeestore, indicating a focus on accessing internal company resources. The prevalence of older Windows operating systems in the observed telemetry may represent a vulnerability vector. Given the high volume of historical data breaches and infostealer events targeting employee credentials, this situation presents a critical risk. The primary remediation focus should be on credential hygiene, including mandatory password resets, multi-factor authentication enforcement for all employee and client access, and enhanced monitoring for suspicious login activity. Investigating the source of the data breaches and infostealer logs is crucial to understand the initial compromise vector and prevent further exploitation. Prioritizing the patching or upgrading of legacy operating systems should also be considered to mitigate potential vulnerabilities.

Total Events

39,561
credential exposure events

Employee Affected Events

38,683
account email domain = stanleyblackanddecker.com

Client Affected Events

878
service target = stanleyblackanddecker.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
15,00010,0005,0000
peak month 13,103
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,824
Share5%
Data breaches
Events37,737
Share95%
Infostealer logs (5%)
1,824events
Data breaches (95%)
37,737events

38,683 compromised employee accounts pose an infrastructure risk, while 878 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Bitdefender1
Windows Defender1
Avira1
Kaspersky1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,767
Acreed14
LummaC213
Vidar6
X-Files5
RisePro2

Top Login URLs

Top exposed services found in the event results

  1. 1stanleyblackanddecker.com392
  2. 2https://ucentral.stanleyblackanddecker.com/psp/PA91PRD/EMPLOYEE/EMPL/h/41
  3. 3ucentral.stanleyblackanddecker.com/psp/PA91PRD/EMPLOYEE/EMPL/h/33
  4. 4https://employeestore.stanleyblackanddecker.com/account/login33
  5. 5https://ucentral.stanleyblackanddecker.com32
  6. 6ucentral.stanleyblackanddecker.com27
  7. 7ucentral.stanleyblackanddecker.com/psp/PA91PRD/EMPLOYEE/EMPL/h11
  8. 8https://employeestore.stanleyblackanddecker.com11
  9. 9hrms.stanleyblackanddecker.com11
  10. 10https://hrms.stanleyblackanddecker.com/psc/PS92PRD/EMPLOYEE/HRMS/c/BD_AD_CHK.BD_AD_ACCT_TYPE.GBL11

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Netherlands
Events462
United States
Events440
Germany
Events372
Denmark
Events154
Belgium
Events42
United Kingdom
Events41
France
Events37
Romania
Events28

Country Breakdown

  1. 1Netherlands462
  2. 2United States440
  3. 3Germany372
  4. 4Denmark154
  5. 5Belgium42
  6. 6United Kingdom41
  7. 7France37
  8. 8Romania28

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix59
Cisco (AnyConnect)35
Pulse Secure21
FortiNet VPN11
Git5

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Home x32147
Windows 7 x32133
Windows Vista x32132
Windows Server 2012 x32132
Windows 8 x32131

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
27,899
Combolist pools
9,838
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.