Tag: ShinyHunters

  • Spectrum Data Leak After Charter Refuses Ransom

    Key Takeaway

    – Attackers used voice phishing (vishing) to steal a Charter employee’s Microsoft Entra credentials, bypassing technical defenses.
    – The breach exposed data for at least 13 million individuals, including names, addresses, phone numbers, and plan details, primarily from Spectrum Enterprise.
    – A dispute exists over whether federally protected Customer Proprietary Network Information (CPNI) was stolen; independent researchers are now assessing the leaked data.
    – This attack follows a 2026 pattern by ShinyHunters: compromise cloud identities via social engineering, pivot to SaaS platforms, and extort data before public release.
    – Affected customers should change passwords, enable two-factor authentication, freeze credit with major bureaus, and verify exposure via Have I Been Pwned.


    Spectrum Owner Charter Communications Confirms Data Breach After Ransom Deadline Passes

    Charter Communications, the company behind Spectrum internet, cable, and mobile service, has confirmed a data breach after the ShinyHunters extortion group published stolen customer records when its May 27 ransom deadline passed without a response. The attack was not sophisticated in a technical sense. ShinyHunters told BleepingComputer the breach occurred on April 1 through a voice phishing attack targeting a Charter employee’s Microsoft Entra account. No technical barrier was broken. Someone called, impersonated IT support, and walked away with valid credentials. The attackers used that access to export customer records from Charter’s Salesforce instance before the intrusion was detected.

    Over 13 Million Individuals Affected Alongside Support Ticket Records

    The Cybernews research team confirmed ShinyHunters published data covering at least 13 million individuals alongside nearly 10 million customer support ticket records. Most of the customer data originates from Spectrum Enterprise, the division serving large businesses, corporations, and government agencies. A separate internal employee directory subset of around 85,000 records was also exposed, containing job titles, work emails, and in a limited number of cases, home addresses. Published customer records include names, email addresses, physical addresses, phone numbers, phone type, and plan information. ShinyHunters originally claimed 40 to 42 million records, a figure that exceeds Charter’s entire US customer base of 32 million. Cybernews noted the dataset likely contains duplicates. Have I Been Pwned, via BleepingComputer, confirmed 4.9 million unique email addresses and added them to its database.

    Dispute Over CPNI Data and ShinyHunters Campaign Pattern

    The most consequential dispute concerns Customer Proprietary Network Information, a federally protected category covering call records, service subscriptions, and usage patterns. Charter told BleepingComputer that no sensitive personal information or CPNI data was exfiltrated. ShinyHunters claims the opposite. With the data now publicly posted, independent researchers are in a position to assess both claims. The broader pattern here is hard to miss. ShinyHunters has worked through a string of major targets in 2026 using the same general approach: compromise a cloud identity or SSO account through social engineering, pivot into connected SaaS platforms, export data at scale, and set a ransom deadline. Carnival Corporation was hit in April after attackers accessed systems through a third-party account. ADT, Aura, and Panera were also caught in the same campaign window. Charter did not engage before May 27. The data is now public.

    Steps Spectrum Customers Should Take To Protect Themselves

    Spectrum customers should change their account password, enable two-factor authentication, and treat unexpected contact claiming to be from Charter or Spectrum with caution. Have I Been Pwned can confirm whether your email address was exposed. A credit freeze at Equifax, Experian, and TransUnion is free, reversible, and prevents new accounts from being opened in your name.

  • America’s Largest Home Security Company Confirms Data Breach

    Key Takeaway

    1. ADT experienced a data breach exposing customer names, phone numbers, addresses, and partial Social Security or Tax ID numbers.
    2. No bank account or payment information was compromised in the breach.
    3. The hacker group ShinyHunters claims to have stolen data from over 10 million customers and is demanding a ransom to prevent leaking the information.
    4. As of now, it is unclear if ADT has responded to the ransom demand.

    Security breach affects major US home security provider

    The biggest home security company in the United States, ADT, recently faced a serious security breach that put many customers at risk. The company confirmed that on April 20, there was a data intrusion, but didn’t specify the exact number of people affected. What’s clear is that sensitive info like customer names, phone numbers, and addresses got stolen, raising alarm among users.

    Details of what was compromised

    In this security lapse, the last four digits of some customers’ Social Security Numbers or Tax IDs, along with their birth dates, were also exposed. Fortunately, ADT said that customers’ bank account details and payment information stayed safe and were not accessed during the breach. The firm stated it has already contacted those impacted to notify them about the situation.

    The hackers behind the attack and their demands

    The hacking group known as ShinyHunters claims responsibility for this breach. They recently revealed on their platform that they stole personal data for more than 10 million customers along with some internal corporate information. They’ve issued a warning that unless ADT pays a ransom, they will leak all the data and cause other digital disruptions.

    Uncertain future and ongoing investigation

    At this point in time, there’s no clear answer whether ADT has responded to ShinyHunters’ ransom demands. The group has set a deadline of April 27, threatening to release the stolen information if their demand isn’t met. As of today, the company and authorities continue to look into this security breach.

  • Rockstar Cyberattack: Hackers Threaten to Release Stolen Data

    Key Takeaway

    1. Rockstar Games was targeted by a cyberattack, with some data potentially leaked, including financial information related to GTA Online.
    2. The attackers, ShinyHunters, may release the stolen data since no ransom payment was made.
    3. Rockstar downplays the incident, claiming only limited non-material information was accessed and stating no impact on ongoing operations or GTA 6 release plans.
    4. The company has a history of cyberattacks and previous leaks, raising ongoing security concerns.

    Rockstar Games suffers another cyberattack, causing concern among fans and security experts alike

    Rockstar Games got hit again by hackers, which has caused quite a stir. The hackers initially asked for ransom money, but nobody knows exactly how much they wanted. It looks like Rockstar didn’t pay them, and now the hackers, known as ShinyHunters, say they are going to release the stolen data, as per the news from the BBC. Rockstar tries to make it look like nothing serious happened, saying that only a small amount of not-so-important company info was accessed through a third-party vendor.

    Data leak rumors and what might have been compromised

    At first, no one was sure if any information had actually been leaked, but recent reports hint that some of the stolen data could be out already. Insider Gaming has said that some info linked to the attack by ShinyHunters might include financial details about GTA Online. If this turns out to be true, then what was just a threat could already be a real leak, which is pretty worrying for everyone involved.

    Impact on players and upcoming game releases

    Despite the security breach, Rockstar insists that players should not worry because neither their ongoing projects nor the highly anticipated Grand Theft Auto VI scheduled for November 2026 are affected. Still, this hack keeps the company in a delicate spot since they’ve been frequently targeted. Back in 2022, a major leak with early GTA 6 information also appeared, adding to concerns about their cybersecurity.

  • Rockstar Games Faces April 14 Ransom Deadline After Data Leak

    Key Takeaway

    1. Rockstar Games is allegedly targeted in a significant security breach involving the theft of corporate and analytical data via a third-party cloud platform.
    2. The attack leverages supply-chain vulnerabilities, specifically exploiting authentication tokens from Anodot to bypass multi-factor authentication and access Rockstar’s Snowflake environment.
    3. The threat group, ShinyHunters, has a history of targeting major corporations and is also linked to breaches at companies like Amtrak, McGraw Hill, Ticketmaster, AT&T, and Microsoft.

    Recent Security Breach at Rockstar Games

    Rockstar Games is experiencing a security breach again, but this time it seems to be targeted more at their data systems than at the game itself. This follows a notorious 2022 leak in which a social engineering trick got early GTA VI footage exposed on Slack. Now, sources say the attack is aimed at their backend servers, possibly exposing sensitive corporate information.

    Threat Group and Their Previous Targets

    ShinyHunters, a known cybercriminal group, is believed to be behind this attack. This group has a history of stealing data from big companies like Ticketmaster, AT&T, and Microsoft. Unlike that lone hacker in 2022, this time they seem to be working as part of a larger campaign, especially attacking companies that use cloud data tools.

    How the Attack Was Carried Out

    Reports from RansomLook.io and CyberSec Guru say the hackers didn’t directly break into Rockstar’s main defenses. Instead, they used an automated process involving a third-party cloud tool called Anodot. By stealing tokens from Anodot’s system, they accessed Snowflake, a cloud data platform used to store big data like analytics and player info. This way, they could avoid traditional security measures like multi-factor authentication. This sneaky method appears to be a common technique used by ShinyHunters lately.

    Other Victims and Future Risks

    This wave of attacks isn’t just hitting Rockstar. The same group claims they’ve accessed data from Amtrak, McGraw Hill, and over 100 million records from various third-party Salesforce integrations. They’ve set a ransom deadline for April 14, threatening to leak the data if their demands are not fulfilled. So far, Rockstar and its parent company, Take-Two Interactive, haven’t made any statements or disclosures, leaving many questions unanswered about the full scope of this incident.


  • Hacker Database Breach Exposes 324,000 User Accounts

    Key Takeaways

    1. BreachForums experienced a significant data breach, exposing nearly 324,000 user accounts.
    2. The leaked SQL file contains sensitive data, including usernames and over 70,000 public IP addresses.
    3. The hackers responsible, ShinyHunters, suggested that BreachForums may be a “honeypot” set up by law enforcement.
    4. The compromised files were stored in an unsecured folder during a transition to a new domain.
    5. BreachForums functions as a marketplace for hackers to buy and sell hacking tools and stolen information.


    Irony, thy name is hacking.

    BreachForums, a well-known site where hackers share leaked and stolen information, recently experienced a breach of its own, leading to the exposure of nearly 324,000 user accounts. As reported by Bleeping Computer, an archive that includes an SQL file, a text file, and a PGP key file appeared on a “website named after the ShinyHunters extortion gang.”

    SQL File Revelations

    The highlight of this archive is the SQL file, which holds various data points such as usernames, IP addresses, and registration dates, among other details. While most of the IP addresses listed are simple loopback addresses, there are also 70,296 public IP addresses that could potentially be used to identify the users linked to those accounts, as indicated by Bleeping Computer.

    No Honor Among Thieves

    Adding to the saying that there’s no honor among thieves, the hackers responsible for this breach (ShinyHunters) claimed that BreachForums is actually a “honeypot,” suggesting that it is a fake site set up by law enforcement to catch unsuspecting cybercriminals.

    The administrator of BreachForums mentioned that the compromised files were kept in “an unsecured folder” during the forum’s transition from its previous domain to the current one. It’s important to point out that this isn’t the first occasion BreachForums has faced a data breach.

    Marketplace for Malicious Activity

    BreachForums serves as a platform where hackers and other malicious individuals can buy and sell hacking tools and stolen information. Law enforcement took control of the site on August 11, 2025, leading to its shutdown. It has since moved to its new domain.

    Source: Bleeping Computer