< ciso
brief />
Tag Banner

All news with #shinyhunters tag

76 articles · page 2 of 4

ShinyHunters Defaces Canvas Login Portals at Scale

🔒 The ShinyHunters extortion group defaced Canvas login portals for roughly 330 colleges and universities, replacing standard pages with an extortion message that demanded payment by May 12, 2026. The same message also appeared in the Canvas app and was visible for about 30 minutes before being taken offline. Instructure has taken Canvas offline while confirming that data was stolen and continuing its investigation. BleepingComputer reports the group claims the theft includes extensive student and staff records.
read more →

ShinyHunters Claims 280M Records Stolen from Instructure

🔒 Instructure says it is investigating a breach after the extortion group ShinyHunters claimed to have stolen 280 million records tied to students, teachers, and staff across 8,809 colleges, school districts, and online education platforms. The actors allege they accessed names, email addresses, private messages and enrollment data by abusing Canvas export features such as DAP queries, provisioning reports and user APIs. Instructure has acknowledged the incident but has not provided detailed public answers; several universities have begun their own inquiries.
read more →

Vimeo Data Breach Exposes 119,000 Users' Personal Data

🔒 Vimeo disclosed an April breach tied to compromised Anodot credentials that allowed the ShinyHunters extortion group to exfiltrate data. After failed extortion, the group published a 106GB archive and Have I Been Pwned says roughly 119,200 email addresses and some names were exposed. Vimeo states that user login credentials, payment card data, and video content were not accessed, and it disabled the Anodot integration while engaging third-party investigators and notifying law enforcement.
read more →

Instructure Confirms Data Breach; ShinyHunters Claims

🔒 Instructure confirmed a cybersecurity incident that exposed personal information after the extortion group ShinyHunters posted claims of a large data theft. Company updates indicate affected data may include names, email addresses, student ID numbers, and private messages, while no evidence so far points to leaked passwords, dates of birth, government identifiers, or financial data. Instructure says it has patched the reported vulnerability, rotated application keys, increased monitoring, and requires customers to re-authorize API access as part of its response while third-party experts and law enforcement investigate.
read more →

Medtronic Confirms Corporate IT Breach After Claims

🔒 Medtronic has confirmed a data security incident in which an unauthorized party accessed certain internal corporate IT systems. The company said there was no disruption to products, patient safety or operations and that hospital networks managed by customers were not affected. Cybercrime group ShinyHunters previously claimed to have exfiltrated millions of records, but Medtronic has not verified those figures and is actively investigating with external cybersecurity specialists. If sensitive data access is confirmed, affected individuals will be notified and offered support services.
read more →

ADT Breach: ShinyHunters Exposes 5.5M Records, Partial IDs

🔒 ShinyHunters stole personal data for about 5.5 million ADT customers and posted an 11GB archive on a dark web leak site after a failed extortion. ADT says it detected the intrusion on April 20 and that accessed information was largely limited to names, phone numbers, and addresses, with a small number of records including DOBs and last-four SSNs/Tax IDs. The group claims the attack began with a vishing compromise of an employee's Okta SSO account that enabled theft from the company's Salesforce instance; ADT reports no payment data or customer security systems were affected.
read more →

Medtronic Confirms Network Breach After ShinyHunters Claim

🔒 Medtronic disclosed a network intrusion after the ShinyHunters extortion group claimed to have stolen more than 9 million records and multiple terabytes of internal corporate data. The company said the incident affected "certain corporate IT systems" but has not impacted products, patient safety, manufacturing, or hospital customer networks, which it says are segregated. An investigation is underway to determine whether personal data was accessed, and Medtronic said it will notify affected individuals and provide support if exposure is confirmed.
read more →

ADT Confirms Customer Data Breach After ShinyHunters Threat

🔒 ADT confirmed unauthorized access to customer and prospective customer data detected on April 20, saying it terminated the intrusion and opened an investigation. The company reported that stolen information was limited to names, phone numbers, and addresses, with a small subset including dates of birth and the last four digits of SSNs or Tax IDs. ADT emphasized no payment data or customer security systems were affected. ShinyHunters claims over 10 million records were taken after a vishing attack that allegedly compromised an employee’s Okta SSO and accessed Salesforce data.
read more →

Rockstar Games analytics data leaked after Anodot breach

🔓 A data set allegedly belonging to Rockstar Games was published by the ShinyHunters extortion group after they say authentication tokens were stolen from Anodot and used to access connected Snowflake accounts. The leak reportedly contains more than 78.6 million records of internal analytics — including in‑game revenue, purchase metrics, player behavior, and game economy data for GTA Online and Red Dead Online — plus Zendesk support analytics. Rockstar said only a limited amount of non‑material company information was accessed and that the incident does not affect players.
read more →

Snowflake Customers Targeted After SaaS Integrator Breach

🔐 Over a dozen companies experienced data theft after attackers used stolen authentication tokens from a breached SaaS integrator to access cloud accounts. The majority of observed incidents targeted Snowflake, which reported "unusual activity" and said a small number of customer accounts were impacted. Snowflake emphasized that its systems were not compromised and that it locked down potentially affected accounts and notified customers. BleepingComputer sources point to an alleged breach at Anodot, and the extortion gang ShinyHunters claims responsibility.
read more →

CERT-EU Attributes Europa.eu Breach to Trivy Supply-Chain

🔒 CERT‑EU traced the Europa.eu data theft to a supply‑chain compromise of Trivy, the open‑source vulnerability scanner, which exposed an AWS API key and led to the theft of approximately 350 GB of web data (91.7 GB compressed). The actor, publicly linked to TeamPCP, exploited a GitHub Actions misconfiguration (CVE-2026-33634) to force CI/CD pipelines to pull credential‑stealing malware via manipulated Trivy tags. Stolen material was later passed to ShinyHunters. CERT‑EU urges updating to safe Trivy releases, rotating cloud credentials, auditing CI/CD usage, and binding GitHub Actions to immutable SHA‑1 hashes.
read more →

European Commission Confirms Cloud Infrastructure Breach

🔐The European Commission has confirmed a cyber-attack affecting cloud infrastructure that hosts the Europa.eu platform and says early findings indicate data were taken. The incident was detected on March 24 and announced on March 27; containment and forensic measures were deployed while internal systems reportedly remained unaffected. Screenshots and claims from ShinyHunters allege a roughly 350GB haul including mail servers, databases, NextCloud content and employee PII, and researchers warn the compromise could expose DKIM keys, SSO directories and other sensitive assets.
read more →

European Commission Confirms Data Breach at Europa.eu Hack

🔒 The European Commission has confirmed a data breach after its Europa.eu web platform was compromised in an attack claimed by the ShinyHunters extortion group. The intruders reportedly accessed at least one AWS account and exfiltrated hundreds of gigabytes, though the Commission says its internal systems were not affected. Authorities have been notified and an investigation is ongoing to determine the full impact.
read more →

Telus Digital Suffers Massive Data Breach by ShinyHunters

🔒 Telus Digital, a BPO provider to global clients, is investigating a significant cybersecurity incident after extortion group ShinyHunters claimed to have exfiltrated up to one petabyte of data. The company says core operations and customer connectivity remain unaffected and that it has engaged leading forensics teams and law enforcement. Early indications point to abuse of legitimate access rather than an obvious malware intrusion, and Telus is notifying affected customers and implementing additional safeguards.
read more →

Telus Digital Confirms Breach After Massive Data Theft

🔒 Telus Digital has confirmed a cybersecurity incident after threat actors identifying as ShinyHunters claimed to have exfiltrated nearly 1 petabyte of data from the company's BPO systems over several months. The attackers say they used Google Cloud credentials found in the Salesloft/Drift breach to access a large BigQuery instance and then used trufflehog to locate additional secrets and pivot to other systems. Telus says it discovered unauthorized access to a limited number of systems, engaged forensic experts, is investigating what was stolen and which customers were affected, and reports no evidence of customer connectivity or service disruption.
read more →

Overly Permissive Guest Settings Threaten Salesforce Data

⚠️ Salesforce is urging customers to review Experience Cloud guest configurations after a reported campaign tied to the cybercrime group ShinyHunters that claims breaches of hundreds of organizations. Attackers are exploiting overly permissive guest user settings and a modified version of the open-source Aura Inspector to scan the /s/sfsites/aura endpoint and extract data. Salesforce recommends auditing guest profiles, disabling public API access for guest users, restricting object visibility, and enforcing least-privilege.
read more →

ShinyHunters Claims Ongoing Salesforce Aura Data Theft

🔒 Salesforce warns customers that attackers are targeting misconfigured Experience Cloud sites by abusing the /s/sfsites/aura API, allowing guest users to access more data than intended. Threat actors have used a modified AuraInspector scanner and bespoke exfiltration tools; the extortion group ShinyHunters claims responsibility and reports hundreds of compromises. Salesforce stresses this stems from customer guest‑user settings, not a platform vulnerability, and provides immediate mitigation guidance.
read more →

Wynn Resorts Confirms Employee Data Breach After Extortion

🔒 Wynn Resorts confirmed an employee data breach after being listed on the ShinyHunters extortion group's leak site and said it activated incident response procedures. The company engaged external cybersecurity experts to investigate and reported that an unauthorized third party acquired certain employee data. Attackers claimed the stolen data had been deleted; Wynn said it has seen no evidence of publication or misuse to date and that guest operations remain unaffected. The company is offering complimentary credit monitoring and identity protection services to employees.
read more →

CarGurus Data Leak Exposes 12.4 Million Account Records

🔓 The extortion group ShinyHunters published a 6.1GB archive on February 21 containing 12.4 million records it alleges were stolen from CarGurus. Have I Been Pwned (HIBP) has added the dataset and reports compromised data types including email addresses, IPs, full names, phone numbers, physical addresses, account IDs, finance application data, dealer details, and subscription information. CarGurus has not confirmed the breach or replied to requests for comment. HIBP says about 70% of the records were already known, leaving roughly 3.7 million newly exposed entries that could be abused for phishing and other scams.
read more →

ShinyHunters Claims Breach of Dutch Telecom Odido

🔒 The ShinyHunters extortion gang claims it stole millions of user records from Dutch telecom Odido, adding the company to its dark‑web leak site and asserting nearly 21 million records were taken. Odido disclosed the incident on February 12, reporting that attackers accessed its customer contact system on February 7 and that exposed fields vary by customer. The carrier said no Mijn Odido passwords, call records, location data, billing data, or identity scans were exposed; ShinyHunters, however, alleges internal corporate data and plaintext passwords were also taken. Odido reported the breach to the Dutch Data Protection Authority, blocked the attackers' access, and engaged external cybersecurity specialists while investigations continue.
read more →