Back

usda.gov Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain usda.gov experienced a significant number of events, with 78,080 historical data breaches and 3,739 active infostealer logs observed between July 2025 and June 2026. The data breaches represent 95.4% of all events, while infostealer activity accounts for 4.6%. Employee and client data were impacted, with notable spikes in employee-related events in January 2026 and client-related events in September 2025 and March 2026. The most frequently observed malware families were LummaC2, Rhadamanthys, and Redline, all known for credential theft. Given the high volume of data breaches and the prevalence of infostealer malware targeting employee and client data, this exposure presents a critical risk. The primary focus for remediation should be on strengthening data security controls to prevent future breaches and mitigating the impact of ongoing infostealer threats. Prioritizing the security of authentication services like eauth.usda.gov and supertracker.usda.gov is essential, as these were frequently targeted.

Total Events

81,819
credential exposure events

Employee Affected Events

46,683
account email domain = usda.gov

Client Affected Events

35,136
service target = usda.gov

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
30,00020,00010,0000
peak month 25,528
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events3,739
Share5%
Data breaches
Events78,080
Share95%
Infostealer logs (5%)
3,739events
Data breaches (95%)
78,080events

46,683 compromised employee accounts pose an infrastructure risk, while 35,136 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender68
McAfee10
Windows Defender.6
McAfee VirusScan4
Windows Defender ESET Security ESET Security.2
Unknown2
Windows Defender Avast Antivirus.2
Windows Defender 360 Total Security.2
Windows Defender Kaspersky.1

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC2555
Rhadamanthys544
Redline454
Vidar218
Acreed216
X-Files193
Blank Grabber64
Millenium38
StealC20

Top Login URLs

Top exposed services found in the event results

  1. 1https://www.eauth.usda.gov/eauth/b/usda/login1,491
  2. 2eauth.usda.gov1,410
  3. 3supertracker.usda.gov1,135
  4. 4https://eauth.usda.gov1,067
  5. 5eauth.usda.gov/eauth/b/usda/login1,048
  6. 6https://supertracker.usda.gov914
  7. 7https://www.eauth.usda.gov888
  8. 8supertracker.usda.gov/createprofile.aspx728
  9. 9https://www.supertracker.usda.gov/CreateProfile.aspx677
  10. 10supertracker.usda.gov/Login.aspx671

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events1,839
Canada
Events60
Mexico
Events35
Venezuela
Events34
Brazil
Events28
Indonesia
Events23
India
Events18
Colombia
Events14

Country Breakdown

  1. 1United States1,839
  2. 2Canada60
  3. 3Mexico35
  4. 4Venezuela34
  5. 5Brazil28
  6. 6Indonesia23
  7. 7India18
  8. 8Colombia14

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Pulse Secure23
Microsoft9
Microsoft Entra ID (External ID / B2C)8

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11378
Windows 11 24H2 build 26100 (64 Bit)327
Windows 10 Home x64274
Windows 10 Enterprise x64126
Windows 11 Pro122

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
32,259
Combolist pools
45,821
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.