Back

westlake.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure of employee and client data, with 4058 historical data breaches and 129 active infostealer logs observed over the reporting period. The majority of the exposure stems from historical data breaches, accounting for 96.9% of events, while active infostealer logs represent 3.1%. Malware families such as Rhadamanthys, LummaC2, and Acreed are prevalent, suggesting ongoing credential harvesting and data exfiltration attempts. The exposure is concentrated in the United States, Netherlands, and Philippines, targeting services including the main domain, single sign-on portals, and mobile applications.

Total Events

4,187
credential exposure events

Employee Affected Events

3,908
account email domain = westlake.com

Client Affected Events

279
service target = westlake.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
3,0002,0001,0000
peak month 2,513
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events129
Share3%
Data breaches
Events4,058
Share97%
Infostealer logs (3%)
129events
Data breaches (97%)
4,058events

3,908 compromised employee accounts pose an infrastructure risk, while 279 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender1

Malware Families Distribution

Distribution of Active Stealer Strains

Rhadamanthys33
LummaC218
Acreed11
Vidar10
Redline7
StealC2
Raccoon1
Remus1

Top Login URLs

Top exposed services found in the event results

  1. 1android://Svheuy9On5g7q9z15T-Rm6aRJHH_pLKHw1-f3Be9HemkMkMI5T-As8GcQL3teNpt5KLsTSNmHPotcoE47l4u-A==@com.westlake.mobile/114
  2. 2westlake.com62
  3. 3https://sso.westlake.com/12
  4. 4android://1AEF02B9A626495E421D677A773DED18F5C813E6136A50952178B9944057A6F520B0C2A81DB53D46AA2EDD6351354D6DB33F29BC40034C2089E5FD367DBC3DAB@com.westlake.mobile9
  5. 5android://svheuy9on5g7q9z15t-rm6arjhh_plkhw1-f3be9hemkmkmi5t-as8gcql3tenpt5klstsnmhpotcoe47l4u-a==@com.westlake.mobile/8
  6. 6https://sso.westlake.com/SecureAuth14/6
  7. 7https://outlook.westlake.com/owa/auth/logon.aspx5
  8. 8sso.westlake.com5
  9. 9https://adfs.westlake.com/4
  10. 10https://outlook.westlake.com/4

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events56
Netherlands
Events9
Philippines
Events6
Spain
Events4
Vietnam
Events3
Mexico
Events1

Country Breakdown

  1. 1United States56
  2. 2Netherlands9
  3. 3Philippines6
  4. 4Spain4
  5. 5Vietnam3
  6. 6Mexico1

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Microsoft15
Citrix3
Okta1

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11 24H2 build 26100 (64 Bit)27
Windows 119
Windows 10 Home (10.0.19045) x647
Windows 11 24H2 build 26200 (64 Bit)7
Windows 10 Home6

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
530
Combolist pools
3,528
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.