CarGurus
February 14, 2026
•[ data breach, extortion, data leak ]
In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings, finance pre-qualification application data and dealer account and subscription information. Impacted data also included names, phone numbers, physical and IP addresses, and auto finance application outcomes.
CarGurus
February 13, 2026
•[ data breach, social engineering, vishing ]
TechRadar reported that ShinyHunters claimed to have breached CarGurus and stolen about 1.7 million corporate records, threatening to release the data by a stated deadline. The report linked the claim to a broader wave of social-engineering vishing attacks used to obtain employee credentials/MFA codes and then access SSO dashboards (Okta/Entra/Google) and downstream applications. At the time of reporting in the article, CarGurus had not publicly confirmed the breach details, the precise intrusion window, or exactly what categories of data were taken beyond the actors claim, so this record reflects an alleged data-theft event pending independent confirmation.
Odido
February 12, 2026
•[ data breach, extortion, data leak ]
In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, 1M records containing 317k unique email addresses were published, followed by further releases exposing an additional 371k and then 833k unique email addresses, with the latter also including passport, drivers licence and European national ID numbers. The exposed data includes names, physical addresses, phone numbers, bank account numbers and customer service notes. Odido has published a disclosure notice advising that impacted data may also include dates of birth and government-issued identity document numbers.
Figure
February 12, 2026
•[ social engineering, data leak, extortion ]
Figure Technology Solutions confirmed it suffered a data breach after an employee fell victim to a social engineering attack, with attackers obtaining a limited number of files. SecurityWeek reported that the ShinyHunters group took credit and posted archive files on its leak site; Have I Been Pwned analysis identified roughly 967,000 user records in the leaked data. The exposed information includes names, dates of birth, email addresses, postal addresses, and phone numbers. The reporting frames the incident as data theft/extortion without describing service disruption to Figures lending operations.
Optimizely
February 11, 2026
•[ voice-phishing, social engineering, data leak ]
Attackers associated with the ShinyHunters cybercriminal group used a voice-phishing social engineering attack to gain access to Optimizelys internal systems and CRM environment. Approximately 10,000 client organizations were affected, with exposed data including business contact information such as names, email addresses, and phone numbers.
Match Group Inc. (Tinder, Hinge, OkCupid)
January 29, 2026
•[ data leak, cybercrime, ShinyHunters ]
A cybercrime group calling itself ShinyHunters claimed responsibility for accessing and leaking limited user and internal data from Match Group platforms. Match Group confirmed a security incident but stated that passwords, financial information, and private messages were not compromised.
Waltio
January 24, 2026
•[ data leak, extortion, cryptocurrency ]
French crypto tax platform Waltio reported being targeted by the ShinyHunters group, which claimed to possess personal data for nearly 50,000 users and threatened to leak users 2024 tax reports unless a ransom was paid. Waltio stated that its services and production systems remained secure and that no sensitive banking credentials or crypto access data was compromised. The incident primarily involves alleged data theft and extortion threats rather than service disruption, with the full scope of stolen fields not detailed in the summary.
Crunchbase
January 23, 2026
•[ vishing, social engineering, credential theft ]
Reporting on an Okta SSO vishing (voice-phishing) campaign, ShinyHunters reportedly confirmed to a researcher that it conducted the campaign and launched a new dark web leak site. According to the report, ShinyHunters claimed that multiple victims had their data posted after refusing extortion demands, naming Crunchbase, SoundCloud, and Betterment as initial examples. The incident reflects social-engineering-driven credential theft leading to unauthorized access and data theft, followed by extortion and publication of alleged victim data.
University of Pennsylvania
October 30, 2025
•[ data breach, ransomware, donor records ]
In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender and date of birth. A small subset of records also contained religion, spouse name, estimated income and donation history.
National Credit Information Center (CIC), State Bank of Vietnam
September 10, 2025
•[ hack, leak, financial ]
VNCERT confirmed signs of intrusion targeting personal-data theft at CIC; ShinyHunters/Scattered Spider claimed ~160M records, allegedly exploiting end-of-life software; data offered for sale with samples posted.
Wynn Resorts
September 1, 2025
•[ data leak, employee personnel records, Social Security numbers ]
Attackers associated with the ShinyHunters cybercriminal group gained unauthorized access to Wynn Resorts systems in September 2025. The intrusion exposed approximately 800,000 employee personnel records containing Social Security numbers and other personal identifying information.
Pornhub
August 11, 2025
•[ extortion, phishing, data leak ]
Cybercriminal group ShinyHunters claimed theft of a 94GB dataset containing about 201 million records tied to Pornhub Premium user activity and launched an extortion campaign demanding payment in Bitcoin. Reporting linked the compromise to third-party analytics provider Mixpanel, where access allegedly began on November 8, 2025 after a smishing attack harvested employee login credentials. Samples reviewed by journalists reportedly included email addresses, approximate location (city/country), video titles and URLs, search keywords, and timestamps for watches/downloads. Pornhub stated its internal systems were not directly hacked and that sensitive items such as passwords and credit card details remained secure, while Mixpanel later suggested some access may have involved a legitimate employee account associated with Pornhubs parent company, Aylo.
Canada Goose
August 1, 2025
•[ data leak, third-party breach, customer records ]
BleepingComputer reported that Canada Goose was investigating after ShinyHunters leaked more than 600,000 customer records. Canada Goose said it had not found evidence its own systems were breached and believed the data related to past customer transactions. ShinyHunters told BleepingComputer the dataset was unrelated to recent SSO attacks and claimed it originated from a third-party payment processor breach and dates back to August 2025. The exposed data was described as including purchase history plus device/browser information and order values; it did not appear to include full payment card numbers.
Kering
June 12, 2025
•[ hack, leak, retail ]
Kering confirms June 2025 intrusion affecting multiple brands; ShinyHunters claims Salesforce-based exfiltration (43M+ Gucci, ~13M others); media verified samples and 7.4M unique emails; Kering says no financial/ID data; denies negotiations, which DataBreaches disputes with chat logs and a BTC micro-payment.
Pluto TV
November 15, 2020
•[ hack, technology ]
A hacker is sharing what they state are 3.2 million Pluto TV user records that were stolen during a data breach. The data breach is attributed to ShinyHunters.
LIVEauctioneers
November 12, 2020
•[ leak, retail ]
ShinyHunters has put up the LIVEauctioneers.com database up for sale.
Home Chef
November 12, 2020
•[ leak, retail ]
ShinyHunters has put up the Home Chef database up for sale.
Storybird
November 12, 2020
•[ leak, technology ]
ShinyHunters has put up the Storybird database up for sale.
Mathway
May 22, 2020
•[ hack, education ]
ShinyHunters breaches Mathway, a popular math solving application, stealing more than 25 million emails and passwords.
