Back

vrtx.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant historical data breach affecting 8,789 records, alongside 185 active infostealer logs. Employee accounts are the primary target, with 8,752 compromised, followed by 222 client accounts. The majority of the data breach evidence originates from database dumps (90.8%), with a notable portion from combolist sources (9.2%). Malware analysis reveals Vidar, LummaC2, and Redline as the most prevalent infostealer families. The exposure period spans from July 2025 to June 2026, with a sharp increase in employee compromises observed in January 2026. Targeted services include the main domain vrtx.com, along with various SSO and reporting portals. Geographically, the United States, India, and Canada show the highest concentration of affected entities.

Total Events

8,974
credential exposure events

Employee Affected Events

8,752
account email domain = vrtx.com

Client Affected Events

222
service target = vrtx.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
8,0005,3332,6670
peak month 6,532
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events185
Share2%
Data breaches
Events8,789
Share98%
Infostealer logs (2%)
185events
Data breaches (98%)
8,789events

8,752 compromised employee accounts pose an infrastructure risk, while 222 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

No Data Available

Malware Families Distribution

Distribution of Active Stealer Strains

Vidar52
LummaC227
Redline13
Remus10
Rhadamanthys6

Top Login URLs

Top exposed services found in the event results

  1. 1vrtx.com96
  2. 2https://bireporting-test.vrtx.com/MicroStrategyUAT/servlet/mstrWeb10
  3. 3https://sso.vrtx.com/8
  4. 4https://cir.vrtx.com/6
  5. 5https://sso.vrtx.com/oauth2/v1/authorize6
  6. 6https://bi.vrtx.com/bi-security-login/login.jsp6
  7. 7https://ukcareers.vrtx.com/tgwebhost/pdsstepone.aspx6
  8. 8https://cbsso.vrtx.com/protected/frm_SMLogin.cfm6
  9. 9https://sso.vrtx.com/app/vrtx_simpplr_2/exk1dpckwjDqT2Z7s697/sso/saml6
  10. 10ukcareers.vrtx.com5

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events70
India
Events20
Canada
Events12
Venezuela
Events2
Denmark
Events2

Country Breakdown

  1. 1United States70
  2. 2India20
  3. 3Canada12
  4. 4Venezuela2
  5. 5Denmark2

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft7

Operating System Distribution

Distribution of compromised endpoint builds

Windows 10 Home40
Windows 11 Home 25H2 (Build 26200)12
Windows 11 24H2 build 26100 (64 Bit)10
Windows 11 22H2 build 22621 (64 Bit)7
Windows 10 Enterprise (10.0.19045) x644

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
811
Combolist pools
7,978
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.