Weekly intelligence Oct 5 – Oct 11, 2020 11 min read

Infostealers Weekly Report: 2020-10-05 – 2020-10-11

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 128

Infections by country

Top 25 countries

#1 United States of America 2,170
#2 Spain 759
#3 Germany 420
#4 France 361
#5 United Kingdom 218
#6 Canada 197
#7 Turkey 177
#8 Indonesia 151
#9 Israel 140
#10 Brazil 109
#11 Philippines 107
#12 Australia 104
#13 India 100
#14 Belgium 86
#15 Mexico 77
#16 Japan 75
#17 Sweden 73
#18 Italy 71
#19 Russia 70
#20 Romania 65
#21 Pakistan 63
#22 Egypt 57
#23 South Korea 53
#24 Thailand 40
#25 Algeria 38

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 5,610 users
#2 facebook.com 3,829 users
#3 live.com 3,514 users
#4 amazon.com 2,134 users
#5 paypal.com 1,912 users
#6 netflix.com 1,870 users
#7 twitter.com 1,732 users
#8 twitch.tv 1,536 users
#9 roblox.com 1,411 users
#10 epicgames.com 1,411 users
#11 instagram.com 1,401 users
#12 discordapp.com 1,265 users
#13 minecraft.net 1,240 users
#14 yahoo.com 1,196 users
#15 steampowered.com 1,155 users
#16 steamcommunity.com 1,083 users
#17 apple.com 1,075 users
#18 spotify.com 1,062 users
#19 dropbox.com 886 users
#20 linkedin.com 864 users
#21 discord.com 864 users
#22 com.spotify.music 860 users
#23 sonyentertainmentnetwork.com 848 users
#24 mega.nz 840 users
#25 ebay.com 838 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 publix.com 40 employees
#2 19 employees
#3 k12.fl.us 18 employees
#4 confused.com 15 employees
#5 rmunify.com 12 employees
#6 dadeschools.net 11 employees
#7 twc.com 11 employees
#8 spectrum.net 10 employees
#9 browardschools.com 10 employees
#10 lausd.net 9 employees
#11 ionos.es 9 employees
#12 peoplematter.com 9 employees
#13 one.com 9 employees
#14 icicibank.com 9 employees
#15 rediff.com 9 employees
#16 secureserver.net 9 employees
#17 maccabi4u.co.il 9 employees
#18 movistar.es 8 employees
#19 1and1.es 7 employees
#20 dell.com 7 employees
#21 freenet.de 7 employees
#22 k12.ca.us 7 employees
#23 roadrunner.com 7 employees
#24 accenture.com 7 employees
#25 jwpub.org 7 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 publix.com 40 employees
#2 twc.com 11 employees
#3 microsoft.com 4 employees
#4 oracle.com 3 employees
#5 hp.com 3 employees
#6 ups.com 3 employees
#7 cbre.com 2 employees
#8 genesishcc.com 2 employees
#9 jpmorganchase.com 1 employees
#10 rockwellautomation.com 1 employees
#11 iheartmedia.com 1 employees
#12 ebay.com 1 employees
#13 essendant.com 1 employees
#14 apple.com 1 employees
#15 masco.com 1 employees
#16 amerisourcebergen.com 1 employees
#17 bestbuy.com 1 employees
#18 jacobs.com 1 employees
#19 morganstanley.com 1 employees
#20 verizon.com 1 employees

Compromised users

#1 google.com 5,608 users
#2 facebook.com 3,827 users
#3 amazon.com 2,134 users
#4 paypal.com 1,912 users
#5 netflix.com 1,870 users
#6 apple.com 1,075 users
#7 ebay.com 838 users
#8 walmart.com 455 users
#9 capitalone.com 315 users
#10 att.com 284 users
#11 ups.com 276 users
#12 adp.com 266 users
#13 target.com 265 users
#14 wellsfargo.com 249 users
#15 bestbuy.com 238 users
#16 fedex.com 204 users
#17 bankofamerica.com 198 users
#18 americanexpress.com 185 users
#19 costco.com 155 users
#20 homedepot.com 145 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 18,132hits
#2 sso 5,377hits
#3 adfs 1,766hits
#4 zoom 923hits
#5 webmail 883hits
#6 github 506hits
#7 owa 435hits
#8 zendesk 369hits
#9 sts 362hits
#10 oracle 319hits
#11 ftp 293hits
#12 sap 274hits
#13 vpn 265hits
#14 ping 261hits
#15 imap 242hits
#16 extranet 152hits
#17 salesforce 143hits
#18 cpanel 128hits
#19 okta 117hits
#20 zimbra 114hits
#21 st 112hits
#22 webex 104hits
#23 citrix 92hits
#24 dana-na 90hits
#25 kaspersky 85hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →