ShinyHunters
Coverage of ShinyHunters in the Nexus archive.
- Medtronic notifies customers impacted by ShinyHunters data breach
Healthcare device company Medtronic is notifying affected customers about a data breach that exposed their personal information to an unauthorized third party. The breach is linked to ShinyHunters, a hacker group.
- A week in security (June 15 – June 21)
Malwarebytes Labs reported cleaning nearly 15,000 infected websites in a SocGholish crackdown. Apple patched a Beats Studio Buds vulnerability, Microsoft addressed the RoguePlanet flaw, and retro gaming fans faced fake GitHub malware. Kodak confirmed a breach linked to ShinyHunters, Roblox developers lost games to malware, and 24 billion records were exposed online. Malwarebytes received AV-TEST awards for its security solutions.
- Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak has confirmed a data breach claimed by the ShinyHunters extortion gang and is working with external cybersecurity experts to investigate. Hackers gained access to some of the company's data.
- The FCC Wants to Kill Burner Phones
The FCC aims to restrict burner phones, Microsoft released a major security update linked to AI bug hunting, and the ShinyHunters ransomware group exploited an Oracle zero-day vulnerability.
- ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
ShinyHunters exploited a zero-day vulnerability in Oracle's ERP software to steal data from American universities. The attack took advantage of a critical bug that disproportionately impacted higher education institutions.
- ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
ShinyHunters exploited an unpatched Oracle PeopleSoft zero-day (CVE-2026-35273) to breach enterprise systems, targeting universities most severely. Google's Mandiant linked the attacks to UNC6240, with activity occurring between May 27 and June 9, just one day before Oracle released its security advisory on June 10.
- Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations
The ShinyHunters hacking gang claims to have compromised the Oracle PeopleSoft servers of more than 100 organizations, including many universities.
- Oxford Uni student data pwned yet again - this time via career platform breach
Oxford University's CareerConnect platform, managed by Group GTI, suffered a data breach exposing users' full names and email addresses, with encrypted passwords leaked for non-SSO users. The breach, attributed to a fixed security vulnerability, is separate from a recent Canvas platform attack affecting 275 million users. Group GTI and Instructure have not disclosed full details of the incidents.
- Carnival breach may put your travel data at risk
Carnival Corporation confirmed a data breach affecting nearly 6 million people, caused by a social engineering attack on a single user account. The breach exposed personal data including names, addresses, email addresses, phone numbers, dates of birth, and government-issued IDs. Leaked data also impacted Holland America's loyalty program, potentially affecting non-Carnival customers.
- Pink is the latest goon squad to use fake helpdesk calls to steal creds
Pink, a new extortion group possibly rebranded from BlackFile, uses voice phishing and fake helpdesk calls to steal credentials and extort organizations. Palo Alto Networks' Unit 42 and Google Threat Intelligence debate whether Pink is a new threat or an evolution of UNC6671, with similar tactics to groups like Lapsus$ and Scattered Spider.
- Charter breach warning: What customers should know
Charter Communications (Spectrum) confirmed a cybersecurity incident after ransomware group ShinyHunters listed it on a leak site. Hackers claimed to steal millions of customer records via a vishing attack, but Charter stated sensitive data like private telecom account information was not released.
- GTA cheat service Atlas Menu hacked as attacker alleges screenshot spying
Atlas Menu, a Grand Theft Auto V and Counter-Strike 2 cheat service, experienced a data breach in May exposing 64,000 email addresses, usernames, IP addresses, passwords, and internal records. An attacker leaked the database on GitHub, claiming access to all Atlas systems, while users noted this breach contained more sensitive data than prior incidents.
- ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak
ShinyHunters leaked 4.9 million Charter Communications customer records, including names, email addresses, phone numbers, and physical addresses, after the company allegedly refused their extortion demands. Charter confirmed an investigation but claimed no sensitive data was exfiltrated, while the breach is part of a broader pattern of ShinyHunters targeting organizations, including a recent Carnival Corporation data theft.
- Charter Communications data breach affects 4.9 million accounts
The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking U.S. telecom company Charter Communications. The breach was reported by data breach notification service Have I Been Pwned.
- Could the 7-Eleven breach affect you?
7-Eleven experienced a data breach exposing 185,000 unique email addresses and personal information like names, dates of birth, and physical addresses. The breach, linked to a 2026 extortion campaign by ShinyHunters, involved unauthorized access to systems storing franchisee documents, not customer purchase data.
- Carnival confirms ShinyHunters cruised off with 6M customer records after April breach
Carnival Corporation confirmed a data breach affecting nearly 6 million customers after a social engineering attack on April 14. Hacking group ShinyHunters claimed to have stolen terabytes of data, including personal information like names, addresses, and identification numbers. Carnival is offering free credit monitoring to affected individuals and has enhanced its security measures.
- Charter confirms data breach after ShinyHunters extortion threat
Charter Communications, a U.S. telecommunications giant, confirmed a data breach following an extortion threat from the ShinyHunters group, which demanded a ransom to prevent stolen data from being leaked.
- 7-Eleven data breach exposes personal information of 185,000 people
The ShinyHunters extortion gang hacked 7-Eleven's systems in April, stealing personal information of over 183,000 people, as reported by Have I Been Pwned.
- 7-Eleven confirms breach after ShinyHunters claims
7-Eleven confirmed a breach after ShinyHunters claimed it, discovering the breach on April 8 and determining that cybercriminals accessed certain systems used to store franchisee documents. The breach notification letters were sent out following an investigation. Cybercriminals gained access to sensitive information.
- 7-Eleven confirms data breach claimed by the ShinyHunters gang
7-Eleven confirmed a data breach claimed by the ShinyHunters gang, which occurred last month. The breach affected the convenience store chain's systems. The ShinyHunters extortion group is responsible for the cyberattack.
- The Canvas breach proved that prevention is no longer enough
The Canvas breach resulted in 3.65 terabytes of data stolen from approximately 275 million users, highlighting the need for improved security measures. The attack was carried out by ShinyHunters, who compromised 'Free-For-Teacher' accounts and escalated rapidly. This incident exposes the gap in enterprise security frameworks, which still treat SaaS platforms primarily as availability problems.
- Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data
Instructure reached an agreement with data theft and extortion crew ShinyHunters after a breach of Canvas user data, but experts doubt that stolen data was deleted. The incident affects nearly 9,000 universities and K-12 schools, and around 275 million students, teachers, and staff. Experts expect further phishing attacks using leaked information.
- Congress Puts Heat on Instructure After Canvas Outage
The House Committee on Homeland Security sent a letter regarding the Canvas cyberattack, which occurred on the same day that Canvas reached an agreement with the ShinyHunters cybercriminal group. The incident has put pressure on infrastructure. The edtech company is dealing with the aftermath of the attack.
- US govt seeks Instructure testimony on massive Canvas cyberattack
The US House Committee on Homeland Security is seeking testimony from Instructure executives regarding two cyberattacks on the Canvas platform by the ShinyHunters extortion group, which resulted in stolen student data and school disruptions. The attacks occurred during final exams and targeted the company's platform. The committee's call for testimony indicates a growing concern over cybersecurity threats in educational institutions.
- Congress investigates Canvas breach as company pays ransom
The US Congress is investigating a breach of Instructure's Canvas online platform, which was hacked twice in two weeks, and the company has paid a ransom to extortion crew ShinyHunters. The breach affected up to 275 million students, teachers, and staff. Instructure's CEO Steve Daly has been summoned to explain the circumstances of the intrusions.
- Canvas' parent company strikes deal with hackers to delete stolen data
A hacking group named ShinyHunters claimed responsibility for the Canvas breach and threatened to leak data involving 275 million individuals if schools did not pay a ransom. The parent company of Canvas has struck a deal with the hackers to delete the stolen data. This deal aims to prevent the sensitive information from being leaked.
- Canvas owner reaches ‘agreement’ with hackers to secure stolen data
Instructure, the company behind Canvas, reached an agreement with hackers to secure stolen data, preventing a leak of 3.5 terabytes of student data. The agreement came after the ShinyHunters hacking group claimed responsibility for the attack and threatened to publish the data. Instructure claims no customers will be extorted as a result.
- Instructure reaches 'agreement' with ShinyHunters to stop data leak
Instructure reached an agreement with ShinyHunters to stop a data leak from being leaked online after a recent breach, involving the Canvas learning management system. The agreement aims to prevent stolen data from being published. Instructure is an edtech giant.
- Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
Instructure reached a ransom agreement with ShinyHunters to stop a 3.65TB Canvas leak after a network breach. The breach threatened to leak stolen information from thousands of schools and universities. Instructure is the parent company of Canvas.
- Pressure mounts on Canvas as data leak extortion deadline looms
Cybercriminals are threatening to leak sensitive data from Canvas, a widely used education tech platform, after a prolonged cyberattack. The company behind Canvas, Instructure, has taken the platform offline following malicious activity. A decentralized crew of cybercriminals, ShinyHunters, is attempting to extort the company for an unknown ransom amount.
- Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline
Instructure's online learning platform Canvas experienced two rounds of unauthorized activity, with data theft and extortion crew ShinyHunters threatening to leak data of over 275 million students and staff. The breach affected nearly 9,000 schools worldwide, including Harvard and Stanford universities. Instructure has taken measures to contain the incident and notified the FBI and US Cybersecurity and Infrastructure Security Agency.
- School app Canvas breach hits during finals
Canvas, a school platform used by colleges and universities, experienced a breach during finals week, causing stress and confusion among students and teachers. The outage was caused by unauthorized activity detected by Instructure, the company behind Canvas. Instructure temporarily took Canvas offline to contain the activity and apply additional safeguards.
- Hacked educational platform partially restored for millions of students
The educational platform Canvas was breached by hacker group ShinyHunters, who threatened to leak student data. The platform has been partially restored for millions of students. The breach and restoration affect students' access to educational resources.
- ShinyHunters Claims Second Attack Against Instructure
ShinyHunters has claimed a second attack against Instructure, an edtech company struggling to regain control from hackers, putting personally identifiable information of hundreds of millions of people at risk. The attack highlights the severe security challenges faced by the company. Instructure's ability to protect user data is being questioned.
- Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
A cyberattack disrupted the online learning platform Canvas, causing chaos at schools and colleges throughout the US as students were due to take final exams. The platform was taken offline temporarily after identifying unauthorized activity in its network. Canvas parent company Instructure reported that the platform was back online as of Friday morning.
- Canvas outage delays college finals across the country
A cyberattack on Canvas, a learning platform used by thousands of schools, has caused universities across the country to reschedule or cancel finals. The attack was detected in late April and resulted in the breach of personal information. Canvas is back online after being shut down.
- ShinyHunters claims nearly 9,000 schools affected by Canvas data breach
ShinyHunters claims that nearly 9,000 schools have been affected by a data breach involving Canvas. The breach reportedly compromises sensitive information from the affected schools. ShinyHunters is a cybersecurity company that tracks and reports on data breaches.
- Hackers ate my homework: Educational SaaS Canvas down after cyberattack
Canvas, an educational SaaS, was down after a cyberattack by hacking crew ShinyHunters, affecting students and universities worldwide. The attack has led to concerns about data leakage and phishing risks. Institutions are taking precautions and extending assignment deadlines.
- The Canvas Hack Is a New Kind of Ransomware Debacle
Thousands of US schools were affected by a ransomware attack on the Canvas platform, prompting Instructure to shut down access. The breach was carried out by hackers calling themselves ShinyHunters. This incident has significant implications for the education sector.
- Canvas Breach Disrupts Schools & Colleges Nationwide
A cybercrime group called ShinyHunters has breached the education technology platform Canvas, disrupting classes and coursework at schools and universities across the US, and is demanding a ransom to prevent the publication of stolen data. The breach affects nearly 9,000 educational institutions and millions of students and faculty. Canvas parent firm Instructure has disabled the platform in response.