Back

statefarm.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure impacting both employees and clients of statefarm.com, with a substantial volume of historical data breaches and active infostealer logs observed over the reporting period. The data suggests that the majority of these events are linked to compromised credentials, with "Combolist sources" and "Database dumps" being the primary leak repository classifications. Infostealer malware families such as Rhadamanthys, Redline, and LummaC2 are prevalent, targeting services like statefarm.com and its login portals, primarily within the United States. The timeline shows a notable increase in employee and client-related events in early to mid-2026, coinciding with peaks in data breach and infostealer activity. Given the high volume of historical data breaches and the prevalence of infostealer activity, this exposure presents a critical risk. The focus for remediation should be on credential hygiene, including mandatory password resets for all affected employees and clients, enhanced multi-factor authentication deployment, and thorough security audits of targeted services. Investigating the root cause of the data breaches and infostealer infections, particularly those linked to specific malware families and leak repositories, is paramount to preventing further compromise.

Total Events

528,034
credential exposure events

Employee Affected Events

235,844
account email domain = statefarm.com

Client Affected Events

292,190
service target = statefarm.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
120,00080,00040,0000
peak month 109,515
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events52,591
Share10%
Data breaches
Events475,443
Share90%
Infostealer logs (10%)
52,591events
Data breaches (90%)
475,443events

235,844 compromised employee accounts pose an infrastructure risk, while 292,190 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender1,455
McAfee VirusScan27
Windows Defender McAfee25
Webroot SecureAnywhere22
Windows Defender McAfee VirusScan21
Avast Norton20
Windows Defender.20
McAfee15
Malwarebytes8

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys8,520
Redline7,527
LummaC25,910
Acreed4,984
Vidar2,359
X-Files2,299
Millenium661
Blank Grabber512
StealC305

Top Login URLs

Top exposed services found in the event results

  1. 1statefarm.com18,535
  2. 2https://www.statefarm.com/15,211
  3. 3https://proofing.statefarm.com/login-ui/login12,582
  4. 4statefarm.com/10,512
  5. 5https://proofing.statefarm.com9,493
  6. 6https://oams.statefarm.com/auth/UI/Login9,374
  7. 7https://www.statefarm.com8,699
  8. 8proofing.statefarm.com8,667
  9. 9www.statefarm.com8,525
  10. 10https://statefarm.com8,088

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events28,481
Netherlands
Events480
Germany
Events420
Venezuela
Events306
Indonesia
Events221
India
Events209
Canada
Events208
Mexico
Events164

Country Breakdown

  1. 1United States28,481
  2. 2Netherlands480
  3. 3Germany420
  4. 4Venezuela306
  5. 5Indonesia221
  6. 6India209
  7. 7Canada208
  8. 8Mexico164

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix56
Microsoft45
Pulse Secure26
Git13
Cisco (AnyConnect)13
FortiNet VPN8
Microsoft Entra ID (External ID / B2C)4

Operating System Distribution

Distribution of compromised endpoint builds

Windows 116,837
Windows 11 24H2 build 26100 (64 Bit)5,224
Windows 10 Home x642,998
Windows 102,106
Windows 10 22H2 build 19045 (64 Bit)1,924

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
301,589
Combolist pools
173,854
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.