Back

tandfonline.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event affecting tandfonline.com, with over 110,000 historical data breaches and over 13,000 active infostealer logs observed within the reporting period. The majority of these events are linked to "Combolist sources," suggesting credential stuffing or account takeover attempts. The timeline shows a notable increase in employee and client-related events starting in March 2026, with a peak in April 2026. Malware families like Redline, LummaC2, and Rhadamanthys are prevalent, indicating active credential harvesting and data exfiltration. The targeted services are primarily related to user registration and login functionalities on the tandfonline.com domain, suggesting these are the entry points or targets of the observed activity. The geographical breakdown shows a concentration of activity originating from India, Indonesia, and Egypt. Given the high volume of data breaches and active infostealer logs, coupled with the prevalence of credential-harvesting malware and the targeting of login services, this incident poses a critical risk. The exposure of over 110,000 records through historical data breaches and the ongoing threat from infostealers necessitate immediate attention. Remediation efforts should focus on securing user credentials, enhancing authentication mechanisms, and investigating the source of the "Combolist sources" and associated malware. Prioritizing the protection of client data and employee accounts is paramount.

Total Events

123,756
credential exposure events

Employee Affected Events

111
account email domain = tandfonline.com

Client Affected Events

123,645
service target = tandfonline.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
40,00026,66713,3330
peak month 32,307
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events13,395
Share11%
Data breaches
Events110,361
Share89%
Infostealer logs (11%)
13,395events
Data breaches (89%)
110,361events

111 compromised employee accounts pose an infrastructure risk, while 123,645 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender216
Windows Defender Norton Security Ultra44
Quick Heal Internet Security22
Kaspersky10
Windows Defender.10
Windows Defender Trend Micro Security Agent5
Windows Defender [ON]4
Windows Defender McAfee VirusScan3
Windows Defender Avast Antivirus.2

Malware Families Distribution

Distribution of Active Stealer Strains

Redline2,409
LummaC22,194
Rhadamanthys1,227
Vidar943
Acreed705
RisePro493
StealC393
Remus108
Millenium91

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.tandfonline.com/action/registration18,637
  2. 2tandfonline.com/action/registration13,655
  3. 3tandfonline.com13,473
  4. 4https://tandfonline.com9,552
  5. 5www.tandfonline.com/action/registration8,660
  6. 6https://www.tandfonline.com8,020
  7. 7www.tandfonline.com5,700
  8. 8https://www.tandfonline.com/action/showLogin4,910
  9. 9https://tandfonline.com/action/registration4,899
  10. 10tandfonline.com/action/showLogin3,713

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events993
Indonesia
Events823
Egypt
Events474
Ethiopia
Events452
Pakistan
Events357
Philippines
Events337
United States
Events290
Iraq
Events221

Country Breakdown

  1. 1India993
  2. 2Indonesia823
  3. 3Egypt474
  4. 4Ethiopia452
  5. 5Pakistan357
  6. 6Philippines337
  7. 7United States290
  8. 8Iraq221

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11966
Windows 10 Enterprise x64897
Windows 10 Pro529
Windows 11 24H2 build 26100 (64 Bit)474
Windows 10 Home x64468

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
110,328
Combolist pools
33
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.