ShinyHunters
-
Instructure reaches ransom agreement after Canvas data breach
Instructure said it reached an agreement with an unauthorized actor after a Canvas breach that exposed data tied to thousands of schools and universities, including about 275 million records. The company said stolen data was returned and no customers will be separately extorted.
-
Vimeo says customer data exposed after Anodot breach
Vimeo said some customer and user data was accessed without authorization after the Anodot breach, including email addresses for some customers, technical data, video titles and metadata. The company said video content and payment data were not exposed.
-
Medtronic confirms network breach after hackers claim theft of 9 million records
Medtronic said hackers breached corporate IT systems and may have accessed personal data after ShinyHunters claimed theft of more than 9 million records and terabytes of internal data.
-
Aura confirms breach exposed nearly 900,000 marketing contacts
Aura confirmed a breach that exposed nearly 900,000 marketing contacts, including names and emails. The company says 35,000 were customers and that SSNs and financial data were not compromised.
-
ShinyHunters posts 12.4 million records alleged to be from CarGurus
A 6.1GB archive claiming 12.4 million CarGurus records was posted by ShinyHunters on February 21. A Have I Been Pwned breach listing says about 3.7 million records appear to be new.
-
PornHub targeted by ShinyHunters after Premium member activity data reportedly stolen
PornHub says it is being extorted by the ShinyHunters gang after activity data for some Premium members was reportedly stolen in a Mixpanel-related incident; Mixpanel says it can find no indication the records were taken in its November 2025 incident.
-
Gainsight says more customers affected as Salesforce revokes Gainsight-linked access tokens
Gainsight said suspicious activity tied to its applications affected more customers than initially reported and that Salesforce revoked related access tokens; the intrusion has been claimed by ShinyHunters while investigators and vendors take containment steps.
-
Salesforce revokes Gainsight app tokens after suspected unauthorized access
Salesforce revoked access tokens and removed Gainsight-published applications from the AppExchange after detecting activity that may have allowed unauthorised access to some customers’ data; investigations attribute the campaign to actors linked to the ShinyHunters group.
-
Kering confirms data breach hits Gucci, Balenciaga and Alexander McQueen; customer records exposed
Kering says hackers accessed customer data in a June 2025 breach affecting Gucci, Balenciaga and Alexander McQueen, exposing names, birth dates, phone numbers, emails and purchase histories, but not payment card data. The incident has been linked to the ShinyHunters group via Salesforce CRM access, with law enforcement reporting arrests in Paris. Authorities warn of…
-
FBI warns of UNC6040 and UNC6395 hackers targeting Salesforce to steal data and extort victims
The FBI has issued a FLASH alert about UNC6040 and UNC6395 hacking groups that are compromising Salesforce environments to steal data and extort victims, releasing IOCs to aid defense efforts across organizations and multiple cloud platforms.
