Back

thenextweb.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of client data, with 4690 client records compromised and 4190 historical data breaches observed over the reporting period. Additionally, 738 active infostealer logs suggest ongoing compromise. The primary threat actors are leveraging infostealer malware families such as LummaC2, Redline, and Rhadamanthys, targeting services associated with thenextweb.com, particularly its deals and account portals. The majority of affected systems are running Windows 11 and Windows 10 variants, with a notable concentration of compromised data originating from India and the United States. The exposure is largely attributed to combolist sources within leak repositories, indicating credential stuffing or similar credential-based attacks as a primary vector. Given the high volume of client data breaches and active infostealer activity, this exposure presents a critical risk. The focus for remediation should be on immediate credential reset for all affected client accounts, enhanced monitoring of the deals.thenextweb.com and accounts.thenextweb.com services for suspicious activity, and a thorough review of authentication mechanisms to prevent future credential stuffing attacks. The prevalence of infostealer malware suggests a need for endpoint security improvements and user awareness training regarding phishing and credential harvesting.

Total Events

4,928
credential exposure events

Employee Affected Events

238
account email domain = thenextweb.com

Client Affected Events

4,690
service target = thenextweb.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
1,2008004000
peak month 1,133
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events738
Share15%
Data breaches
Events4,190
Share85%
Infostealer logs (15%)
738events
Data breaches (85%)
4,190events

238 compromised employee accounts pose an infrastructure risk, while 4,690 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender18
Windows Defender Seqrite Endpoint Protection2

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC2134
Redline82
Rhadamanthys56
Acreed50
Vidar22
Blank Grabber12
Millenium10
Cthulhu8
Raccoon7

Top Login URLs

Top exposed services found in the event results

  1. 1https://deals.thenextweb.com556
  2. 2deals.thenextweb.com480
  3. 3https://deals.thenextweb.com/sign_up219
  4. 4https://deals.thenextweb.com/sign_in200
  5. 5accounts.thenextweb.com158
  6. 6https://accounts.thenextweb.com156
  7. 7deals.thenextweb.com/sign_in144
  8. 8https://deals.thenextweb.com/giveaways/lifetime-of-netflix-giveaway133
  9. 9deals.thenextweb.com/sign_up132
  10. 10https://deals.thenextweb.com/checkout130

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

India
Events101
United States
Events92
United Kingdom
Events20
Brazil
Events12
Egypt
Events12
Pakistan
Events12
Nigeria
Events12
Vietnam
Events10

Country Breakdown

  1. 1India101
  2. 2United States92
  3. 3United Kingdom20
  4. 4Brazil12
  5. 5Egypt12
  6. 6Pakistan12
  7. 7Nigeria12
  8. 8Vietnam10

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

WordPress12

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1173
Windows 10 22H2 build 19045 (64 Bit)41
Windows 10 Pro40
Windows 11 Pro (10.0.22631) x6432
Windows 10 Enterprise x6429

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
4,036
Combolist pools
154
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.