Match Group Inc. (Tinder, Hinge, OkCupid)
January 29, 2026
•[ data leak, cybercrime, ShinyHunters ]
A cybercrime group calling itself ShinyHunters claimed responsibility for accessing and leaking limited user and internal data from Match Group platforms. Match Group confirmed a security incident but stated that passwords, financial information, and private messages were not compromised.
Waltio
January 24, 2026
•[ data leak, extortion, cryptocurrency ]
French crypto tax platform Waltio reported being targeted by the ShinyHunters group, which claimed to possess personal data for nearly 50,000 users and threatened to leak users 2024 tax reports unless a ransom was paid. Waltio stated that its services and production systems remained secure and that no sensitive banking credentials or crypto access data was compromised. The incident primarily involves alleged data theft and extortion threats rather than service disruption, with the full scope of stolen fields not detailed in the summary.
Crunchbase
January 23, 2026
•[ vishing, social engineering, credential theft ]
Reporting on an Okta SSO vishing (voice-phishing) campaign, ShinyHunters reportedly confirmed to a researcher that it conducted the campaign and launched a new dark web leak site. According to the report, ShinyHunters claimed that multiple victims had their data posted after refusing extortion demands, naming Crunchbase, SoundCloud, and Betterment as initial examples. The incident reflects social-engineering-driven credential theft leading to unauthorized access and data theft, followed by extortion and publication of alleged victim data.
National Credit Information Center (CIC), State Bank of Vietnam
September 10, 2025
•[ hack, leak, financial ]
VNCERT confirmed signs of intrusion targeting personal-data theft at CIC; ShinyHunters/Scattered Spider claimed ~160M records, allegedly exploiting end-of-life software; data offered for sale with samples posted.
Pornhub
August 11, 2025
•[ extortion, phishing, data leak ]
Cybercriminal group ShinyHunters claimed theft of a 94GB dataset containing about 201 million records tied to Pornhub Premium user activity and launched an extortion campaign demanding payment in Bitcoin. Reporting linked the compromise to third-party analytics provider Mixpanel, where access allegedly began on November 8, 2025 after a smishing attack harvested employee login credentials. Samples reviewed by journalists reportedly included email addresses, approximate location (city/country), video titles and URLs, search keywords, and timestamps for watches/downloads. Pornhub stated its internal systems were not directly hacked and that sensitive items such as passwords and credit card details remained secure, while Mixpanel later suggested some access may have involved a legitimate employee account associated with Pornhubs parent company, Aylo.
Kering
June 12, 2025
•[ hack, leak, retail ]
Kering confirms June 2025 intrusion affecting multiple brands; ShinyHunters claims Salesforce-based exfiltration (43M+ Gucci, ~13M others); media verified samples and 7.4M unique emails; Kering says no financial/ID data; denies negotiations, which DataBreaches disputes with chat logs and a BTC micro-payment.
Pluto TV
November 15, 2020
•[ hack, technology ]
A hacker is sharing what they state are 3.2 million Pluto TV user records that were stolen during a data breach. The data breach is attributed to ShinyHunters.
LIVEauctioneers
November 12, 2020
•[ leak, retail ]
ShinyHunters has put up the LIVEauctioneers.com database up for sale.
Home Chef
November 12, 2020
•[ leak, retail ]
ShinyHunters has put up the Home Chef database up for sale.
Storybird
November 12, 2020
•[ leak, technology ]
ShinyHunters has put up the Storybird database up for sale.
Mathway
May 22, 2020
•[ hack, education ]
ShinyHunters breaches Mathway, a popular math solving application, stealing more than 25 million emails and passwords.
Wishbone
May 20, 2020
•[ leak, technology ]
ShinyHunters puts up for sale the details of 40 million users registered on Wishbone, a popular mobile app that lets users compare two items in a simple voting poll.
Bhinneka
May 9, 2020
•[ leak, retail ]
Bhinneka has 1.2 million records dumped by ShinyHunters.
Styleshare
May 9, 2020
•[ hack, leak, technology ]
Styleshare, an online platform that allows users to share and receive updates on fashion and beauty, is breached by ShinyHunters. 6 million records are leaked.
Chronicle
May 3, 2020
•[ leak, education ]
Chronicle.com, a news source for higher education, is the latest victim to have a database dumped from the ShinyHunters collective (3 million records).
