Back

yodobashi.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting yodobashi.com, with a high risk score of 93. The primary concern stems from 32,296 historical data breaches, predominantly linked to "Combolist sources" (99.9%), suggesting compromised credential reuse. Additionally, 6,822 active infostealer logs were observed, with LummaC2, Redline, and Rhadamanthys being the most prevalent malware families. The timeline shows a notable increase in employee and client-related events from March 2026 onwards, with a peak in April 2026. The affected services are primarily related to the "order.yodobashi.com" domain, including login and order processing pages. The majority of the exposure originates from Japan. Given the high volume of historical data breaches and active infostealer activity, this situation poses a critical risk to both clients and employees. The prevalence of credential stuffing attacks, indicated by "Combolist sources," suggests that compromised credentials from other breaches are being used to access yodobashi.com accounts. Remediation should focus on immediate credential reset campaigns for all users, enhanced monitoring for suspicious login activity, and strengthening authentication mechanisms. Further investigation into the specific infostealer campaigns and their targets is also recommended.

Total Events

39,118
credential exposure events

Employee Affected Events

150
account email domain = yodobashi.com

Client Affected Events

38,968
service target = yodobashi.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
10,0006,6673,3330
peak month 9,490
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events6,822
Share17%
Data breaches
Events32,296
Share83%
Infostealer logs (17%)
6,822events
Data breaches (83%)
32,296events

150 compromised employee accounts pose an infrastructure risk, while 38,968 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender127
Windows Defender ウイルスバスター クラウド13
Windows Defender Webroot SecureAnywhere McAfee6
Windows Defender マカフィー ウイルススキャン6
Windows Defender McAfee6
Windows Defender マカフィー セキュリティエージェント5
Windows Defender マカフィー4
Trend Micro4
ESET4

Malware Families Distribution

Distribution of Active Stealer Strains

LummaC2976
Redline830
Rhadamanthys757
Vidar576
Acreed534
Raccoon117
Remus96
Millenium91
RisePro48

Top Login URLs

Top exposed services found in the event results

  1. 1https://order.yodobashi.com5,783
  2. 2order.yodobashi.com5,134
  3. 3https://order.yodobashi.com/yc/login/index.html4,825
  4. 4order.yodobashi.com/yc/login/index.html2,898
  5. 5https://order.yodobashi.com/2,573
  6. 6https://order.yodobashi.com/yc/login/action.html2,123
  7. 7order.yodobashi.com/1,724
  8. 8order.yodobashi.com/yc/login/action.html1,347
  9. 9https://order.yodobashi.com/yc/login/order/index.html1,300
  10. 10https://order.yodobashi.com/yc/order/address/index.html935

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Japan
Events3,788
United States
Events67
Vietnam
Events30
United Kingdom
Events25
Taiwan
Events23
India
Events22
Thailand
Events18
France
Events17

Country Breakdown

  1. 1Japan3,788
  2. 2United States67
  3. 3Vietnam30
  4. 4United Kingdom25
  5. 5Taiwan23
  6. 6India22
  7. 7Thailand18
  8. 8France17

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

-
Total

Operating System Distribution

Distribution of compromised endpoint builds

Windows 11714
Windows 11 24H2 build 26100 (64 Bit)443
Windows 11 Pro432
Windows 10 22H2 build 19045 (64 Bit)297
Windows 10 Enterprise x64248

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
32,277
Combolist pools
19
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.