Back

xkcd.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event affecting 1,681 clients and 75 employees, primarily driven by 1,612 historical data breaches and 144 active infostealer logs over a 12-month period. The majority of the exposure, 91.8%, stems from historical data breaches, with a notable increase in client-related events observed in March and April 2026. Malware families such as Redline and LummaC2 are prevalent, suggesting potential credential harvesting and unauthorized access. The primary leak repository source is identified as "Combolist sources," indicating compromised credential lists are a major vector. The targeted services are predominantly related to forums.xkcd.com, with a concentration of Windows 11 operating systems affected. Given the high volume of historical data breaches and the presence of active infostealer logs, this situation presents a critical risk. The focus for remediation should be on immediate credential hygiene, including mandatory password resets for all affected employees and clients, and enhanced monitoring for suspicious activity on forum services. Investigating the root cause of the historical data breaches and securing the identified leak repositories is paramount to prevent further compromise.

Total Events

1,756
credential exposure events

Employee Affected Events

75
account email domain = xkcd.com

Client Affected Events

1,681
service target = xkcd.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
8005332670
peak month 763
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events144
Share8%
Data breaches
Events1,612
Share92%
Infostealer logs (8%)
144events
Data breaches (92%)
1,612events

75 compromised employee accounts pose an infrastructure risk, while 1,681 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender3

Malware Families Distribution

Distribution of Active Stealer Strains

Redline19
LummaC217
RisePro6
Acreed4
Raccoon4
Blank Grabber3
StealC3
Vidar2
Millenium1

Top Login URLs

Top exposed services found in the event results

  1. 1forums.xkcd.com778
  2. 2https://forums.xkcd.com98
  3. 3forums.xkcd.com/ucp.php96
  4. 4http://forums.xkcd.com/ucp.php91
  5. 5xkcd.com75
  6. 6https://xkcd.com68
  7. 7https://forums.xkcd.com/ucp.php45
  8. 8https://xkcd.com/home30
  9. 9http://www.forums.xkcd.com/ucp.php27
  10. 10https://www.xkcd.com23

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events16
Bangladesh
Events8
Sweden
Events7
India
Events6
Germany
Events5
Netherlands
Events4
Pakistan
Events4
China
Events4

Country Breakdown

  1. 1United States16
  2. 2Bangladesh8
  3. 3Sweden7
  4. 4India6
  5. 5Germany5
  6. 6Netherlands4
  7. 7Pakistan4
  8. 8China4

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 1144
Windows 10 Pro [x64]8
Windows 10 Pro4
Windows 104
Windows 8 x323

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
1,604
Combolist pools
8
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.