LifeVantage Corporation Data Breach

Alleged

Ransomware claim involving LifeVantage Corporation.

Published: Jun 28, 2026 Settra
Threat Level
High
Confidence: High

Quick Summary

Alleged
Company
LifeVantage Corporation
Industry
Consumer Services
Threat Actor
Settra
Date of Incident
Jun 28, 2026

Executive Summary

LifeVantage Corporation, a US-based consumer services company, has been identified as a victim of the Settra ransomware group. The listing appeared on Settra’s dark web portal on June 28, 2026, making it part of a small cluster of victims published on the same day. Previous Settra victims within a similar timeframe include Turbo Data Systems, Quality Dining, and DyStar, with identified victims located in the United States, Taiwan, and Singapore, indicating an international reach for the ransomware group.

Technical Analysis

SOCRadar’s analysis of stealer-log telemetry revealed a notable exposure for the lifevantage.com domain, containing 25 recent credential pairs. These credentials were classified as customer-facing accounts for portals such as join, cart, and info subdomains. No internal, IdP, or administrative endpoints were found in the immediate sample, suggesting the primary risk identified was customer account takeover and supplier risk. The exposed credentials had a freshness window spanning June 12 to June 28, 2026. While these specific credentials have not been confirmed as used by Settra, and the exposure is customer-facing, the active harvesting of credentials around the organization’s portals aligns with the reconnaissance typical of ransomware incidents. CTI teams are advised to maintain monitoring and proactive credential hygiene checks.