Back

thehartford.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure related to thehartford.com, with a high volume of historical data breaches (97,554 events) and active infostealer logs (6,790 events) observed over the reporting period. The data breaches constitute the vast majority of the total events, suggesting a large-scale historical compromise. The infostealer activity, primarily involving malware families like Redline and Rhadamanthys, targets user credentials, potentially impacting both employees and clients. The targeted services are predominantly related to customer account access, indicating a focus on credential harvesting for financial services.

Total Events

104,344
credential exposure events

Employee Affected Events

76,433
account email domain = thehartford.com

Client Affected Events

27,911
service target = thehartford.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
40,00026,66713,3330
peak month 35,318
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events6,790
Share7%
Data breaches
Events97,554
Share94%
Infostealer logs (7%)
6,790events
Data breaches (94%)
97,554events

76,433 compromised employee accounts pose an infrastructure risk, while 27,911 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender280
Avast Antivirus77
Windows Defender McAfee12
McAfee VirusScan6
McAfee6
Windows Defender McAfee VirusScan5
Windows Defender.4
Malwarebytes3
Total AV2

Malware Families Distribution

Distribution of Active Stealer Strains

Redline2,312
Rhadamanthys642
LummaC2614
Acreed325
X-Files228
Vidar210
Blank Grabber137
Millenium32
Remus29

Top Login URLs

Top exposed services found in the event results

  1. 1https://account.thehartford.com/customer/4,126
  2. 2account.thehartford.com/customer/2,518
  3. 3https://account.thehartford.com2,148
  4. 4account.thehartford.com2,138
  5. 5https://account.thehartford.com/customer/login1,552
  6. 6thehartford.com1,131
  7. 7account.thehartford.com/customer1,099
  8. 8https://account.thehartford.com/customer773
  9. 9account.thehartford.com/customer/login717
  10. 10https://account.thehartford.com/638

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events2,772
Netherlands
Events439
Germany
Events336
Denmark
Events168
India
Events157
Nigeria
Events74
Algeria
Events72
United Kingdom
Events52

Country Breakdown

  1. 1United States2,772
  2. 2Netherlands439
  3. 3Germany336
  4. 4Denmark168
  5. 5India157
  6. 6Nigeria74
  7. 7Algeria72
  8. 8United Kingdom52

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix98
FortiNet VPN20
Cisco (AnyConnect)14
Pulse Secure7
Git4
Microsoft2

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11540
Windows 10 Home x64350
Windows 11 24H2 build 26100 (64 Bit)299
Windows 10 22H2 build 19045 (64 Bit)278
Windows 10 Enterprise x64234

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
59,238
Combolist pools
38,316
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.