Back

target.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting target.com, with over 1.3 million total events recorded over the past year. The majority of these events are historical data breaches (87.2%) and active infostealer logs (12.8%). A substantial number of employee (187,834) and client (1,137,116) records are implicated. The timeline shows a sharp increase in employee-related events in January 2026, followed by a surge in client-related events in March 2026. Malware families such as Rhadamanthys, LummaC2, and Redline are prevalent, suggesting active credential harvesting and data exfiltration campaigns targeting login services for target.com.

Total Events

1,324,950
credential exposure events

Employee Affected Events

187,834
account email domain = target.com

Client Affected Events

1,137,116
service target = target.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
300,000200,000100,0000
peak month 284,500
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events169,718
Share13%
Data breaches
Events1,155,232
Share87%
Infostealer logs (13%)
169,718events
Data breaches (87%)
1,155,232events

187,834 compromised employee accounts pose an infrastructure risk, while 1,137,116 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender2,558
McAfee VirusScan227
Windows Defender.112
McAfee108
Malwarebytes72
Windows Defender McAfee57
Avast Norton39
Webroot SecureAnywhere34
Windows Defender Norton Security33

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys27,286
LummaC223,319
Redline22,674
Acreed15,198
Vidar9,397
X-Files3,071
Millenium2,898
RisePro1,045
Blank Grabber1,031

Top Login URLs

Top exposed services found in the event results

  1. 1target.com73,217
  2. 2https://www.target.com/login67,553
  3. 3https://login.target.com/gsp/static/v1/login/67,293
  4. 4https://target.com51,337
  5. 5https://www.target.com/co-login44,884
  6. 6https://www.target.com44,578
  7. 7login.target.com/gsp/static/v1/login/41,369
  8. 8target.com/co-login37,582
  9. 9target.com/login36,085
  10. 10https://login.target.com35,787

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events83,778
India
Events1,497
Mexico
Events1,165
Venezuela
Events913
Canada
Events895
Nigeria
Events806
Pakistan
Events720
Germany
Events665

Country Breakdown

  1. 1United States83,778
  2. 2India1,497
  3. 3Mexico1,165
  4. 4Venezuela913
  5. 5Canada895
  6. 6Nigeria806
  7. 7Pakistan720
  8. 8Germany665

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

F52,128
Git78
Citrix68
Jira (Atlassian)46
WordPress36
Pulse Secure25
Cisco (AnyConnect)17

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1118,772
Windows 11 24H2 build 26100 (64 Bit)15,264
Windows 10 Home x649,513
Windows 10 22H2 build 19045 (64 Bit)6,879
Windows 10 Enterprise x646,301

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
1,010,776
Combolist pools
144,456
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.