Charter confirms data breach after ShinyHunters extortion threat
Recorded: May 26, 2026, 8 p.m.
| Original | Summarized |
Charter confirms data breach after ShinyHunters extortion threat News Featured Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign Laravel Lang packages hijacked to deploy credential-stealing malware Netherlands seizes 800 servers of hosting firm enabling cyberattacks Ubiquiti patches three max severity UniFi OS vulnerabilities Charter confirms data breach after ShinyHunters extortion threat Nine ethical hacking & penetration testing courses for $30 How Varonis Atlas integrates Claude Compliance API for AI governance Microsoft Defender can now automatically isolate hacked endpoints Tutorials Latest How to access the Dark Web using the Tor Browser How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11 How to use the Windows Registry Editor How to backup and restore the Windows Registry How to start Windows in Safe Mode How to remove a Trojan, Virus, Worm, or other Malware How to show hidden files in Windows 7 How to see hidden files in Windows Webinars Latest Qualys BrowserCheck STOPDecrypter AuroraDecrypter FilesLockerDecrypter AdwCleaner ComboFix RKill Junkware Removal Tool Deals Categories eLearning IT Certification Courses Gear + Gadgets Security VPNs Popular Best VPNs How to change IP address Access the dark web safely Best VPN for YouTube Forums Virus Removal Guides HomeNewsSecurityCharter confirms data breach after ShinyHunters extortion threat Charter confirms data breach after ShinyHunters extortion threat By Lawrence Abrams May 26, 2026 U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. Charter listing on the ShinyHunters data leak site The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.This guide covers the 6 surfaces you actually need to validate. Related Articles: Charter Communications Lawrence Abrams Previous Article Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: Upcoming Webinar Popular Stories Laravel Lang packages hijacked to deploy credential-stealing malware Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes Sponsor Posts 33% Rise in Healthcare Credential Theft in 2025: What you need to know AI is a data-breach time bomb: Read the new report Protect Your Business from Ecommerce Fraud Overdue a password health-check? Audit your Active Directory for free Upcoming Webinar Follow us: Main Sections News Community Forums Useful Resources Welcome Guide Company About BleepingComputer Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved Login Username Password Remember Me Sign in anonymously Sign in with Twitter Not a member yet? Register Now Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... |
Charter Communications confirmed a data breach following an extortion threat made by the ShinyHunters group. Charter, one of the largest broadband providers in the United States serving tens of millions of residential and business customers through its Spectrum brand, alerted authorities regarding the incident. The company explicitly stated that no sensitive personal information or customer proprietary network information was exfiltrated by the threat actors as a result of the recent activity. This confirmation followed Charter's listing on the ShinyHunters data leak site, where the attackers claimed to have stolen forty million records containing various personal information for consumer and business customers. The threat actors contended that the initial breach occurred on April 1 through a voice phishing, or vishing, attack that successfully compromised an employee's Microsoft Entra account. The threat actors subsequently utilized this compromised access to export millions of consumer and business customer records from the company's Salesforce instance, including names, email addresses, physical addresses, phone numbers, plan details, and some proprietary network information. The threat actors also claimed to have stolen customer support ticket data. The extortion group is known to conduct extensive social engineering campaigns targeting the Microsoft Entra, Okta, and Google Single Sign-On (SSO) accounts of employees and business process outsourcing agents. By gaining access to these corporate SSO accounts, the threat actors are able to systematically extract data from numerous connected Software as a Service (SaaS) applications, including Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, and others. Salesforce proved to be a particularly popular target for the extortion gang. The threat actors reportedly breached numerous integration companies to steal OAuth tokens, which they could then leverage to access various Salesforce instances. Furthermore, the ShinyHunters group conducted attacks against the education technology firm Instructure, which resulted in Canvas outages and the theft of data belonging to tens of millions of students. Instructure eventually reached an agreement with the extortion group, suggesting they likely paid a ransom to prevent the public release of the stolen data. |