< ciso
brief />
Tag Banner

All news with #shinyhunters tag

76 articles

Kodak confirms data breach amid ShinyHunters claim

🔒 Kodak has confirmed an investigation after an unauthorized third party gained temporary access to a limited amount of company data. The company engaged external cybersecurity experts and is working with law enforcement, asserting there is no threat to systems or operations. The ShinyHunters extortion group has claimed responsibility, alleging over 2.2 million records were stolen and threatening to leak the data.
read more →

Council of Europe Probes ShinyHunters Breach Claims

🔎 The Council of Europe is investigating claims by the ShinyHunters extortion group that it exfiltrated hundreds of thousands of HR and payroll records. The organization, representing 46 member states, said it is assessing the situation and cannot provide further comment. ShinyHunters posted on a dark web leak site, threatening to publish alleged files containing extensive personal and financial data if demands are not met.
read more →

ShinyHunters exploited Oracle PeopleSoft zero‑day

🔒 The ShinyHunters extortion group exploited an unpatched Oracle PeopleSoft remote code execution zero‑day (CVE-2026-35273) to compromise enterprise servers, steal data, and extort victims. Mandiant links the activity to UNC6240 and observed attacks from May 27 to June 9, before Oracle published its advisory on June 10. The flaw requires no authentication and exposes PeopleTools 8.61 and 8.62 installations with externally reachable Environment Management Hub endpoints. Universities were heavily targeted; mitigations focus on disabling or blocking PSEMHUB and hunting for post‑exploit indicators.
read more →

Oracle mitigates PeopleSoft zero-day used in data theft

🔔 Oracle warns of a critical PeopleSoft Suite zero-day, CVE-2026-35273, enabling unauthenticated remote code execution and carrying a CVSS 9.8 score. The flaw impacts PeopleSoft PeopleTools versions 8.61 and 8.62; Oracle released emergency mitigations and plans a patch. Threat actor ShinyHunters is linked to active exploitation and large-scale data theft across hundreds of instances. Administrators are urged to review logs and block identified IPs to assess compromise.
read more →

Nottingham University student-records breach affects 454,600

🔒 The University of Nottingham confirmed a cyber incident that exposed a significant amount of student record data, affecting current students and alumni. The university reported the breach to the Information Commissioner's Office and Action Fraud and is working with the platform vendor on a forensic investigation. The ShinyHunters extortion group has claimed responsibility and posted an archive they say contains finance, payment, personal and academic data from multiple campuses.
read more →

ShinyHunters Target Oracle PeopleSoft Instances

🛡️ ShinyHunters are actively stealing data from Oracle PeopleSoft instances, claiming breaches across 300 instances at over 100 organizations. The actor says they used a mix of old and zero-day vulnerabilities in a "gadget chain," with many victims in the education sector. Exposed tooling, scripts, and IOCs were found in online directories, and impacted organizations are urged to check logs and begin incident response immediately.
read more →

DentaQuest breach exposed data of 2.6 million accounts

🔒 DentaQuest, a major US dental benefits administrator, disclosed a cybersecurity incident after the extortion group ShinyHunters posted and later leaked over 234 GB of stolen data. The company confirmed limited disruption to services on June 2 and said it engaged external experts to investigate and contain the breach. Analysis by Have I Been Pwned found records for 2.6 million accounts in the leaked dataset, including emails, names, phone numbers, government IDs, insurance details, genders, and dates of birth.
read more →

Lessons from the Canvas LMS cyberattack

🔒 Over May 6–7, 2026, Canvas LMS users encountered a defaced login page claiming a ShinyHunters extortion of Instructure, alleging theft of 3.65TB of data affecting about 275 million students, faculty, and staff across nearly 9,000 institutions. Instructure identified an exploited support-ticket vulnerability in its Free for Teacher environment and temporarily disabled that service while investigating. The incident disrupted finals and highlighted risks from centralized SaaS platforms, third-party dependencies, communications breakdowns and the evolving economics of extortion.
read more →

Charter Communications breach exposes 4.9M accounts

🔒 The ShinyHunters extortion gang claims to have stolen personal details from 4.9 million Charter Communications accounts after a vishing attack in early April that compromised an employee's Microsoft Entra account. Charter confirmed the incident but says no sensitive PII or CPNI was exfiltrated, while Have I Been Pwned verified leaked records containing names, emails, addresses, phone numbers and some job titles. The group published stolen Salesforce data after a ransom was refused.
read more →

Charter Confirms Breach After ShinyHunters Extortion

🔒 Charter Communications confirmed a data breach after the ShinyHunters extortion group claimed to have stolen millions of customer records. The company says it is notifying authorities and maintains that No sensitive personal information (PI) or CPNI was exfiltrated. ShinyHunters alleges the intrusion began via a vishing attack that compromised an employee's Microsoft Entra account and allowed access to Salesforce data.
read more →

7‑Eleven Breach Exposes Personal Data of 185K

🔍 7‑Eleven disclosed that an unauthorized party accessed franchisee document systems on April 8, 2026, resulting in a data theft. Have I Been Pwned analyzed the leaked files and found 185,300 unique email addresses and accompanying personal details, including names, dates of birth, phone numbers, and physical addresses. The ShinyHunters extortion gang claimed responsibility after publishing a large archive they said came from 7‑Eleven's Salesforce environment.
read more →

FBI Issues Advisory After ShinyHunters Breach of Canvas LMS

⚠️ The FBI's IC3 issued an advisory on 15 May 2026 about the ShinyHunters extortion gang breaching an online learning management system used by US educational institutions. Although the advisory avoided naming the vendor, reporting and Instructure's confirmation made clear Canvas was affected and the company reportedly paid a ransom after receiving alleged 'shred logs'. The FBI warns victims not to engage with extortionists, enable multi‑factor authentication, and remain vigilant against phishing, harassment, and swatting; students and staff should assume their data may be exposed and await official guidance.
read more →

7-Eleven Confirms Data Breach Claimed by ShinyHunters

🔒 7-Eleven disclosed that an unauthorized party accessed systems used to store franchisee documents on April 8, 2026, and began notifying affected individuals on May 1. The company has not provided details on the number of affected people or specific data types exposed. The extortion group ShinyHunters claimed responsibility on April 17, alleging the theft of over 600,000 records from the company's Salesforce environment and later leaking a 9.4GB archive after ransom talks failed. 7-Eleven said it launched an investigation but has not commented further.
read more →

Instructure Reaches Agreement After Canvas Data Breach

🛡️ Instructure says it has reached an agreement with the unauthorized actor responsible for the Canvas breach that affected nearly 9,000 educational institutions. The company reported the stolen data was returned and provided what it described as digital confirmation of its destruction, without disclosing whether a payment was made. ShinyHunters are believed to be behind the incident and Instructure has taken containment steps while warning customers to stay vigilant against phishing.
read more →

US Committee Seeks Instructure Testimony on Canvas Breach

📢 The U.S. House Committee on Homeland Security has requested Instructure CEO Steve Daly to testify about two recent ShinyHunters attacks that breached the Canvas learning platform and disrupted final exams. The incidents exposed student and staff data and defaced login portals, impacting institutions nationwide. The committee seeks details on containment, notification, coordination with federal agencies, and raises concerns about Instructure’s incident response.
read more →

Instructure Reaches Agreement with ShinyHunters, Data Returned

🛡️ Instructure says it reached an agreement with ShinyHunters after a breach of its Canvas LMS that exposed usernames, emails, course names, enrollments, and messages. The actor returned the stolen data and supplied shred logs confirming destruction. Instructure attributes the intrusion to XSS flaws in the Free-for-Teacher environment, has restored Canvas, and temporarily disabled that free tier while investigating and monitoring activity.
read more →

ShinyHunters Escalates Canvas Extortion Against Schools

🔒 A ShinyHunters “pay or leak” extortion campaign has targeted the education sector after the compromise of Instructure, operator of the Canvas LMS. The April 25 breach reportedly exposed around 275 million records and more than 3.65 TB of data via a vulnerability in the Free‑For‑Teacher Canvas version. After an initial ransom demand and a May 8 deadline, the group extended its timeline and began school‑by‑school extortion, defacing roughly 330 institutional login pages. Affected organizations are urged to change Canvas‑related passwords, enable multi‑factor authentication and heighten phishing awareness.
read more →

Zara Data Breach Exposes 197,000 Customers' Records

🔒 A ShinyHunters campaign has compromised data for over 197,000 Zara customers, according to HaveIBeenPwned. Stolen items include unique email addresses, product SKUs, order IDs and support ticket data after stolen authentication tokens from analytics provider Anodot were used to access BigQuery and Snowflake instances; the group leaked a claimed 140GB trove. Inditex says no names, passwords or payment details were affected and operations remained unaffected. Other reported victims include Vimeo, Rockstar Games and McGraw Hill.
read more →

Zara Data Breach Exposes Personal Data of 197,000 Customers

🔓 Have I Been Pwned says hackers exfiltrated data tied to Zara affecting 197,400 unique email addresses and associated order SKUs, order IDs, market information, and support tickets. Inditex confirmed the compromised databases were hosted by a former technology provider but said attackers did not access names, phone numbers, postal addresses, credentials, or payment card data. The extortion group ShinyHunters claimed responsibility and posted a 140GB archive allegedly taken from BigQuery using compromised Anodot tokens.
read more →

Canvas Breach and Extortion Disrupts US Schools Nationwide

🔒 Instructure's Canvas platform was taken offline on May 7 after the cybercrime group ShinyHunters defaced login pages and posted a ransom demand claiming to hold data on 275 million students and faculty at nearly 9,000 institutions. Instructure had acknowledged a breach on May 6, saying the stolen records include names, email addresses, student ID numbers and user messages but not passwords or financial information. The outage, timed during many institutions' final exams, disrupted coursework while schools and the vendor evaluated exposure and potential extortion responses.
read more →