ShinyHunters Data-Extortion Claims Target Crunchbase and Waltio
Crunchbase confirmed a cybersecurity incident after the ShinyHunters cybercrime group claimed it stole over 2 million personal records. ShinyHunters reportedly posted a 402 MB compressed archive online after an extortion attempt failed, and Crunchbase stated the threat actor exfiltrated certain documents from its corporate network. Crunchbase said business operations were not disrupted, the incident was contained, external cybersecurity experts were engaged, and federal law enforcement was notified while the company reviews the exposed data to determine required legal notifications.
In a separate ShinyHunters-linked extortion case, French crypto tax platform Waltio was reported to be facing a ransom threat tied to alleged theft of personal data for nearly 50,000 users, including threatened exposure of users’ 2024 tax reports. Waltio stated its services and production systems remained secure and that no sensitive banking or crypto access data was compromised. The activity aligns with ShinyHunters’ established pattern of data theft and leak-site pressure when ransom demands are not met.
Sources
Related Stories
ShinyHunters Data-Theft and Extortion Targeting CarGurus and Wynn Resorts
**ShinyHunters** is linked to multiple large-scale data-theft and extortion operations, including a breach at automotive marketplace **CarGurus** in February 2026. After an attempted extortion, the stolen CarGurus data was published publicly and reportedly included **12M+ email addresses** across multiple files, with additional exposed information such as names, phone numbers, physical and IP addresses, user account ID mappings, dealer account/subscription details, and auto finance pre-qualification application data (including application outcomes). ShinyHunters also claimed to have stolen **800,000+ records** from **Wynn Resorts** and demanded **22.34 Bitcoin (~$1.5M)** to prevent publication, setting a deadline and threatening further “digital problems” if unpaid. Data samples reviewed by a media outlet reportedly contained employee PII including **Social Security numbers**, names, emails, phone numbers, job details, salaries, start dates, and birthdays; the group alleged initial access occurred in **September 2025** via an **Oracle PeopleSoft vulnerability** combined with an employee’s credentials, and it did not clarify whether the credentials were obtained through social engineering or insider access-for-hire.
3 weeks ago
ShinyHunters Claims Okta Vishing Campaign and Leaks Data from Crunchbase, Betterment, and SoundCloud
The **ShinyHunters** extortion group claimed responsibility for a recent **Okta SSO voice-phishing (vishing)** campaign used to steal authentication codes and access victim environments. The group told reporters and researchers it used vishing to obtain Okta single-sign-on codes to compromise **Crunchbase** and **Betterment**, and then published alleged stolen data after the organizations reportedly rejected extortion demands; ShinyHunters also said additional victims exist and that more disclosures are forthcoming. ShinyHunters published alleged datasets for **Crunchbase, Betterment, and SoundCloud** on a newly launched leak site, asserting the dumps contain **PII** and large record counts (reported as **>20 million** for Betterment, **~2 million** for Crunchbase, and **~30+ million** for SoundCloud). **SoundCloud** stated it is aware of data published online allegedly taken from its organization and said its security team, supported by third-party experts, is reviewing the claim and the posted data; ShinyHunters asserted SoundCloud access was *not* obtained via SoundCloud’s Okta credentials. SoundCloud had previously confirmed a breach affecting roughly **20% of users** (about **28 million** based on public user counts), while Crunchbase and Betterment had not publicly responded at the time of reporting.
1 months ago
Figure Data Breach Linked to Employee Social Engineering and ShinyHunters Leak
**Figure Technology Solutions**, a blockchain-based lending/fintech firm, confirmed a **data breach** after an employee was **socially engineered**, enabling attackers to access and exfiltrate a **limited number of files**. The company said it is communicating with partners and impacted individuals, has begun sending notifications, and is offering **free credit monitoring** to recipients of breach notices; it has not publicly disclosed the total number of affected individuals or when the incident was detected. The cybercrime group **ShinyHunters** claimed responsibility and alleged Figure refused to pay a ransom, publishing about **2.5GB** of purportedly stolen data on its leak site. Journalists who reviewed samples reported the exposed data included **names, home addresses, dates of birth, and phone numbers**, increasing risk of identity fraud and follow-on phishing. ShinyHunters also told reporters the intrusion was part of a broader campaign affecting organizations including **Harvard University** and **UPenn**, and referenced victims that rely on **Okta** for single sign-on.
1 months ago