Back

unitedrentals.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure for unitedrentals.com, with over 50,000 events logged between July 2025 and June 2026. The vast majority of these events (95.3%) are historical data breaches, affecting approximately 47,792 records. Additionally, there are 2,358 active infostealer logs (4.7%), primarily attributed to the Redline malware family, targeting employee credentials and potentially client information. The timeline shows a surge in employee-related events in September 2025 and January 2026, and a notable increase in client-related events in March 2026. The data suggests a high likelihood of credential compromise and ongoing data exfiltration impacting both employees and clients. Given the high volume of historical data breaches and active infostealer activity, this exposure presents a critical risk. The prevalence of Redline malware, known for stealing browser credentials, session tokens, and cryptocurrency wallets, necessitates immediate attention. Remediation efforts should focus on enhancing credential security, implementing robust endpoint detection and response, and conducting thorough security awareness training for employees to mitigate further compromise. Prioritizing the investigation of the identified data breaches and infostealer logs is crucial to understanding the full scope of the compromise and preventing further damage.

Total Events

50,150
credential exposure events

Employee Affected Events

46,946
account email domain = unitedrentals.com

Client Affected Events

3,204
service target = unitedrentals.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
20,00013,3336,6670
peak month 16,722
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events2,358
Share5%
Data breaches
Events47,792
Share95%
Infostealer logs (5%)
2,358events
Data breaches (95%)
47,792events

46,946 compromised employee accounts pose an infrastructure risk, while 3,204 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender27
Bitdefender3
Avast AVG1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline1,803
LummaC287
Acreed67
Rhadamanthys54
Vidar26
X-Files13
Blank Grabber4
Millenium4
StealC3

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.unitedrentals.com/login679
  2. 2unitedrentals.com671
  3. 3unitedrentals.com/login341
  4. 4www.unitedrentals.com/login264
  5. 5https://unitedrentals.com200
  6. 6https://www.unitedrentals.com154
  7. 7https://unitedrentals.com/login113
  8. 8www.unitedrentals.com100
  9. 9https://www.unitedrentals.com/cart51
  10. 10https://www.unitedrentals.com/cart/checkout44

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events760
Netherlands
Events372
Germany
Events369
Denmark
Events162
Canada
Events46
United Kingdom
Events44
France
Events41
Romania
Events30

Country Breakdown

  1. 1United States760
  2. 2Netherlands372
  3. 3Germany369
  4. 4Denmark162
  5. 5Canada46
  6. 6United Kingdom44
  7. 7France41
  8. 8Romania30

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix54
Pulse Secure27
FortiNet VPN23
Cisco (AnyConnect)18
F515
Git4
GitLab4

Operating System Distribution

Distribution of compromised endpoint builds

Windows Server 2012 R2 x32132
Windows 7 x32127
Windows 10 Enterprise x32127
Windows 11126
Windows Server 2008 x32126

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
34,079
Combolist pools
13,713
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.