Back

zalando.de Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The telemetry indicates a significant exposure event impacting zalando.de, with a total of 263,591 recorded events between July 2025 and June 2026. The majority of these events, 71.2%, are historical data breaches, and 28.8% are active infostealer logs. A substantial number of client records (247,103) and employee records (16,488) are implicated. The primary malware families associated with these events are Redline, LummaC2, and Rhadamanthys, all known for credential theft. The data suggests a broad geographical reach, with Italy, Spain, and Germany being the most affected countries. The high volume of historical data breaches and active infostealer logs, coupled with the involvement of credential-stealing malware, presents a critical risk. The exposure of a large number of client and employee records necessitates immediate investigation and remediation. Priority should be placed on identifying the root cause of the data breaches and infostealer activity, enhancing credential security measures, and implementing robust data protection protocols to prevent further compromise.

Total Events

263,591
credential exposure events

Employee Affected Events

16,488
account email domain = zalando.de

Client Affected Events

247,103
service target = zalando.de

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
50,00033,33316,6670
peak month 47,779
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events75,866
Share29%
Data breaches
Events187,725
Share71%
Infostealer logs (29%)
75,866events
Data breaches (71%)
187,725events

16,488 compromised employee accounts pose an infrastructure risk, while 247,103 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender695
McAfee24
Windows Defender ESET Security19
Avast16
Windows Defender.15
Windows Defender McAfee VirusScan13
Malwarebytes11
ESET Security10
Avast Antivirus7

Malware Families Distribution

Distribution of Active Stealer Strains

Redline12,046
LummaC211,658
Rhadamanthys10,810
Acreed7,738
Vidar3,945
Millenium1,104
StealC994
RisePro974
Remus625

Top Login URLs

Top exposed services found in the event results

  1. 1android://YRgXOaNZM-lVrnkC9MSBVdoFAGgXknX1R6X3uE3cBBHR-ojukiQdQAJbi0FNavNm5WfCLCknr2V3MF733I2uOw==@de.zalando.mobile/107,205
  2. 2zalando.de11,965
  3. 3https://zalando.de8,359
  4. 4android://9ZDx3e07FIJUUR1PKg8EcBUMKYhePKKPd5Qcsef6L7puhZUHo_SjEzr2z7mcoSMdn_qOjaEqyTiNU58IH4vk0A==@de.zalando.prive/8,201
  5. 5https://www.zalando.de7,496
  6. 6android://9ZDx3e07FIJUUR1PKg8EcBUMKYhePKKPd5Qcsef6L7puhZUHo_SjEzr2z7mcoSMdn_qOjaEqyTiNU58IH4vk0A==@de.zalando.lounge/5,511
  7. 7https://www.zalando.de/welcomenoaccount/true5,287
  8. 8android://yrgxoanzm-lvrnkc9msbvdofaggxknx1r6x3ue3cbbhr-ojukiqdqajbi0fnavnm5wfclcknr2v3mf733i2uow==@de.zalando.mobile/ :4,787
  9. 9www.zalando.de4,786
  10. 10zalando.de/welcomenoaccount/true4,391

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

Italy
Events10,329
Spain
Events8,757
Germany
Events7,406
France
Events5,211
Poland
Events4,494
Belgium
Events2,260
Netherlands
Events1,189
Romania
Events1,127

Country Breakdown

  1. 1Italy10,329
  2. 2Spain8,757
  3. 3Germany7,406
  4. 4France5,211
  5. 5Poland4,494
  6. 6Belgium2,260
  7. 7Netherlands1,189
  8. 8Romania1,127

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Okta6
Git5
Zendesk5
Microsoft3

Operating System Distribution

Distribution of compromised endpoint builds

Windows 118,375
Windows 11 24H2 build 26100 (64 Bit)4,860
Windows 10 Enterprise x644,602
Windows 10 Home x643,643
Windows 10 22H2 build 19045 (64 Bit)3,538

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
172,078
Combolist pools
15,647
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.