Back

teamtreehouse.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting teamtreehouse.com, with a high risk score of 92. The primary concern stems from over 30,000 historical data breaches and over 3,000 active infostealer logs, predominantly affecting clients. The timeline shows a surge in client-related events from September 2025 through April 2026, with employee-related events also appearing in September 2025 and January, April, and June 2026. The prevalence of "Combolist sources" in leak repositories, coupled with common infostealer families like Redline and LummaC2, suggests credential stuffing or account takeover attempts targeting client accounts. The affected operating systems are primarily Windows 10 and 11 variants. Given the high volume of client data exposure and the nature of the observed malware, immediate focus should be on credential hygiene, multi-factor authentication enforcement for all accounts, and enhanced monitoring for suspicious login activity originating from the United States and India, where a notable portion of the affected users are located.

Total Events

33,242
credential exposure events

Employee Affected Events

181
account email domain = teamtreehouse.com

Client Affected Events

33,061
service target = teamtreehouse.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
8,0005,3332,6670
peak month 7,085
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events3,136
Share9%
Data breaches
Events30,106
Share91%
Infostealer logs (9%)
3,136events
Data breaches (91%)
30,106events

181 compromised employee accounts pose an infrastructure risk, while 33,061 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender15
AVG Antivirus4
Kaspersky4
Malwarebytes2

Malware Families Distribution

Distribution of Active Stealer Strains

Redline607
LummaC2509
Rhadamanthys295
Acreed234
Vidar188
RisePro51
StealC50
Millenium32
Raccoon21

Top Login URLs

Top exposed services found in the event results

  1. 1teamtreehouse.com5,979
  2. 2https://teamtreehouse.com5,674
  3. 3https://teamtreehouse.com/3,636
  4. 4teamtreehouse.com/3,162
  5. 5https://teamtreehouse.com/subscribe/new2,200
  6. 6https://teamtreehouse.com/signin2,143
  7. 7teamtreehouse.com/subscribe/new1,874
  8. 8teamtreehouse.com/signin1,739
  9. 9https://teamtreehouse.com/person_session1,054
  10. 10teamtreehouse.com/person_session944

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events247
India
Events191
Egypt
Events122
Pakistan
Events110
United Kingdom
Events109
Vietnam
Events94
Morocco
Events60
Philippines
Events60

Country Breakdown

  1. 1United States247
  2. 2India191
  3. 3Egypt122
  4. 4Pakistan110
  5. 5United Kingdom109
  6. 6Vietnam94
  7. 7Morocco60
  8. 8Philippines60

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Enterprise x64295
Windows 11280
Windows 11 24H2 build 26100 (64 Bit)189
Windows 10106
Windows 10 Pro (10.0.19045) x6499

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
30,018
Combolist pools
88
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.