Back

unitedhealthgroup.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting unitedhealthgroup.com, with a risk score of 100. The primary concern stems from 46,529 historical data breaches and 1,965 active infostealer logs, affecting a total of 48,494 events. Notably, 46,640 employee-related events and 1,854 client-related events are also present. The timeline shows a surge in employee-related events in September 2025 and January 2026, coinciding with a substantial increase in data breaches and infostealer activity. Malware families associated with these events include Redline (90.1%), LummaC2 (1.6%), and Rhadamanthys (1.1%). The high volume of historical data breaches and active infostealer logs, coupled with the prevalence of Redline infostealer, suggests a critical risk of further credential compromise and data exfiltration. The affected services include various subdomains of unitedhealthgroup.com and cloudfed.unitedhealthgroup.com, with a concentration of events originating from the United States, Netherlands, and Germany. Remediation efforts should focus on immediate threat hunting for active infostealer infections, comprehensive credential hygiene, and a review of historical data breach impacts.

Total Events

48,494
credential exposure events

Employee Affected Events

46,640
account email domain = unitedhealthgroup.com

Client Affected Events

1,854
service target = unitedhealthgroup.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
25,00016,6678,3330
peak month 20,355
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events1,965
Share4%
Data breaches
Events46,529
Share96%
Infostealer logs (4%)
1,965events
Data breaches (96%)
46,529events

46,640 compromised employee accounts pose an infrastructure risk, while 1,854 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Kaspersky2

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,771
LummaC231
Rhadamanthys22
Acreed11
Vidar10
StealC4
Remus2
RisePro2
Aurora1

Top Login URLs

Top exposed services found in the event results

  1. 1unitedhealthgroup.com431
  2. 2https://cloudfed.unitedhealthgroup.com/235
  3. 3cloudfed.unitedhealthgroup.com/152
  4. 4cloudfed.unitedhealthgroup.com122
  5. 5https://cloudfed.unitedhealthgroup.com94
  6. 6https://unitedhealthgroup.com57
  7. 7https://aaweb.unitedhealthgroup.com/aa-web-corp/evaluate51
  8. 8aaweb.unitedhealthgroup.com/aa-web-corp/evaluate50
  9. 9aaweb.unitedhealthgroup.com36
  10. 10https://aaweb.unitedhealthgroup.com29

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events437
Netherlands
Events402
Germany
Events383
Denmark
Events173
Philippines
Events49
United Kingdom
Events49
France
Events38

Country Breakdown

  1. 1United States437
  2. 2Netherlands402
  3. 3Germany383
  4. 4Denmark173
  5. 5Philippines49
  6. 6United Kingdom49
  7. 7France38
  8. 8Luxembourg37

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix57
Pulse Secure16
FortiNet VPN14
Git11
Cisco (AnyConnect)9
Microsoft3

Operating System Distribution

Distribution of compromised endpoint builds

Windows Server 2016 x32135
Windows 7 x32134
Windows 10 Home x32134
Windows Server 2003 R2 x32128
Windows Server 2008 R2 x32127

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
29,710
Combolist pools
16,819
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.