Weekly intelligence Aug 24 – Aug 30, 2020 11 min read

Infostealers Weekly Report: 2020-08-24 – 2020-08-30

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 110

Infections by country

Top 25 countries

#1 United States of America 2,710
#2 France 1,134
#3 Spain 820
#4 Germany 699
#5 United Kingdom 366
#6 Canada 304
#7 Israel 202
#8 Australia 173
#9 Belgium 140
#10 Philippines 130
#11 Sweden 120
#12 India 108
#13 Japan 78
#14 Indonesia 51
#15 Ireland 42
#16 Italy 39
#17 Pakistan 38
#18 Brazil 32
#19 Mexico 23
#20 Switzerland 21
#21 Romania 20
#22 Myanmar (Burma) 20
#23 Turkey 19
#24 Egypt 17
#25 Hungary 17

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 7,376 users
#2 live.com 4,690 users
#3 facebook.com 4,671 users
#4 paypal.com 3,086 users
#5 amazon.com 2,760 users
#6 netflix.com 2,571 users
#7 twitter.com 2,261 users
#8 twitch.tv 2,078 users
#9 instagram.com 1,894 users
#10 roblox.com 1,840 users
#11 epicgames.com 1,833 users
#12 steampowered.com 1,588 users
#13 apple.com 1,577 users
#14 minecraft.net 1,569 users
#15 discordapp.com 1,565 users
#16 steamcommunity.com 1,492 users
#17 spotify.com 1,365 users
#18 yahoo.com 1,353 users
#19 discord.com 1,309 users
#20 sonyentertainmentnetwork.com 1,253 users
#21 com.spotify.music 1,201 users
#22 com.netflix.mediaclient 1,176 users
#23 mega.nz 1,176 users
#24 dropbox.com 1,158 users
#25 ebay.com 1,137 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 publix.com 30 employees
#2 confused.com 29 employees
#3 maccabi4u.co.il 27 employees
#4 24 employees
#5 rmunify.com 16 employees
#6 one.com 15 employees
#7 vic.edu.au 14 employees
#8 ky.gov 14 employees
#9 browardschools.com 14 employees
#10 peoplematter.com 13 employees
#11 dadeschools.net 12 employees
#12 mail.de 12 employees
#13 k12.fl.us 12 employees
#14 gmx.es 11 employees
#15 1and1.es 11 employees
#16 twc.com 11 employees
#17 engelbert-strauss.de 11 employees
#18 ovh.net 10 employees
#19 freenet.de 10 employees
#20 bluehost.com 10 employees
#21 spectrum.net 10 employees
#22 hcps.net 10 employees
#23 rediff.com 9 employees
#24 sandi.net 9 employees
#25 orange.es 9 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 publix.com 30 employees
#2 twc.com 11 employees
#3 microsoft.com 3 employees
#4 amazon.com 2 employees
#5 aa.com 2 employees
#6 ibm.com 2 employees
#7 synnex.com 2 employees
#8 oracle.com 2 employees
#9 cbre.com 2 employees
#10 bestbuy.com 2 employees
#11 delta.com 1 employees
#12 vfc.com 1 employees
#13 humana.com 1 employees
#14 cognizant.com 1 employees
#15 disney.com 1 employees
#16 exeloncorp.com 1 employees
#17 frontier.com 1 employees
#18 grainger.com 1 employees
#19 ge.com 1 employees
#20 sandisk.com 1 employees

Compromised users

#1 google.com 7,376 users
#2 facebook.com 4,671 users
#3 paypal.com 3,086 users
#4 amazon.com 2,760 users
#5 netflix.com 2,571 users
#6 apple.com 1,577 users
#7 ebay.com 1,137 users
#8 walmart.com 538 users
#9 ups.com 372 users
#10 capitalone.com 344 users
#11 att.com 331 users
#12 adp.com 287 users
#13 bestbuy.com 281 users
#14 target.com 256 users
#15 wellsfargo.com 233 users
#16 fedex.com 219 users
#17 hp.com 210 users
#18 bankofamerica.com 204 users
#19 homedepot.com 173 users
#20 costco.com 168 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 23,746hits
#2 sso 7,226hits
#3 adfs 2,287hits
#4 webmail 1,559hits
#5 zoom 1,322hits
#6 github 732hits
#7 owa 670hits
#8 sap 550hits
#9 sts 519hits
#10 zendesk 509hits
#11 imap 500hits
#12 extranet 356hits
#13 oracle 355hits
#14 ftp 343hits
#15 ping 329hits
#16 vpn 322hits
#17 cpanel 261hits
#18 zimbra 231hits
#19 st 219hits
#20 kaspersky 152hits
#21 okta 148hits
#22 salesforce 145hits
#23 webex 128hits
#24 dana-na 122hits
#25 citrix 96hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

May 18 → May 25, 2026 13 min

Infostealers Weekly Report: 2026-05-18 – 2026-05-25

14K machines
4K users
187K domains

View report →

May 11 → May 18, 2026 13 min

Infostealers Weekly Report: 2026-05-11 – 2026-05-18

25K machines
2K users
319K domains

View report →

May 4 → May 11, 2026 12 min

Infostealers Weekly Report: 2026-05-04 – 2026-05-11

16K machines
4K users
200K domains

View report →