Back

zoosk.com Domain Breach Exposure Report

Risk Score

High Risk

Massive event volume or critical assets compromised.

AI Findings Summary

Critical

The domain zoosk.com has experienced a significant exposure event, with 168,812 total events recorded over the reporting period. The majority of these events, 149,550 (88.6%), are classified as historical data breaches, while 19,262 (11.4%) are active infostealer logs. The data indicates a substantial compromise affecting 168,074 clients and 738 employees. The primary malware families associated with the infostealer activity include Redline, LummaC2, and Rhadamanthys. The leak repository classification shows that 99.7% of the data originates from combolist sources, suggesting credential stuffing or account takeover attempts leveraging previously breached credentials. Given the high volume of client and employee data involved in historical breaches and the ongoing threat from infostealer activity, this exposure presents a critical risk. The prevalence of combolist sources indicates a high likelihood of credential reuse and potential for further account compromises. Prioritization should focus on immediate remediation of identified infostealer threats, comprehensive credential hygiene for both employees and clients, and a thorough investigation into the root cause of the historical data breaches to prevent recurrence. The targeted services are primarily related to zoosk.com domains and subdomains, with a significant geographic concentration in the United States.

Total Events

168,812
credential exposure events

Employee Affected Events

738
account email domain = zoosk.com

Client Affected Events

168,074
service target = zoosk.com

Free Community Account

Stop stolen credentials from logging in

Own this domain? Create a free Lunar account to see full exposure data and evidence.

12-Month Events Timeline

Event volume by breach date, employee VS client

EmployeesClients
50,00033,33316,6670
peak month 43,926
Jul 25Sep 25Nov 25Jan 26Mar 26May 26Jun 26

Infostealers VS Data Breaches

Live stealer logs VS data breaches

Infostealer logs
Events19,262
Share11%
Data breaches
Events149,550
Share89%
Infostealer logs (11%)
19,262events
Data breaches (89%)
149,550events

738 compromised employee accounts pose an infrastructure risk, while 168,074 leaked client credentials create regulatory liability.

Antivirus Distribution

Security Tools on Infected Endpoints

Windows Defender158
Windows Defender McAfee11
Windows Defender McAfee VirusScan6
Windows Defender [ON]1
Trend Micro Internet Security1
Windows Defender Avast Antivirus.1

Malware Families Distribution

Distribution of Active Stealer Strains

Redline3,395
LummaC23,142
Rhadamanthys2,152
Acreed1,639
Vidar1,275
RisePro383
StealC284
Millenium230
Raccoon173

Top Login URLs

Top exposed services found in the event results

  1. 1zoosk.com14,979
  2. 2https://www.zoosk.com10,416
  3. 3https://zoosk.com10,024
  4. 4https://www.zoosk.com/7,989
  5. 5www.zoosk.com6,597
  6. 6zoosk.com/5,314
  7. 7https://t.zoosk.com5,148
  8. 8t.zoosk.com4,990
  9. 9www.zoosk.com/4,159
  10. 10https://www.zoosk.com/login3,391

Infostealer By Geography

Shows the distribution of Infostealer-related credential exposure events across different geographic regions. The location is determined by analyzing the metadata of the infected machines associated with each event.

United States
Events3,893
Canada
Events831
Ghana
Events795
Brazil
Events755
South Africa
Events489
United Kingdom
Events455
Australia
Events394
Egypt
Events361

Country Breakdown

  1. 1United States3,893
  2. 2Canada831
  3. 3Ghana795
  4. 4Brazil755
  5. 5South Africa489
  6. 6United Kingdom455
  7. 7Australia394
  8. 8Egypt361

Services Classification Distribution

Blast radius - closer to core = more critical infrastructure, size = credential volume

Citrix4

Operating System Distribution

Distribution of compromised endpoint builds

Windows 111,645
Windows 10 Enterprise x641,499
Windows 11 24H2 build 26100 (64 Bit)886
Windows 10 Home x64801
Windows 10762

Leak Repository Classification

Where the exposed records currently reside

0
Named breaches
149,152
Combolist pools
398
Unattributed dumps

Disclaimer: This report includes AI-generated content. AI can make mistakes, so verify important findings independently before taking action.