Shinyhunters
| Active | RaaS
ShinyHunters is a financially motivated data-theft and extortion group active since 2020, responsible for high-profile breaches including Ticketmaster (via Snowflake) and PowerSchool; by 2025 they launched a RaaS offering called "shinysp1d3r," and in August 2025 French authorities arrested four members.
Victims
103
First Discovered
2025-10-03
victim
Last Discovered
2026-05-09
victim
Inactive Since
9
days
Avg Delay
102.3
days
Infostealer
79.4%
victims with domain
Countries
14
hit
Attack Velocity — Last 12 months
-80% vs last month
Known Locations (4)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Yes | 2026-05-18T05:19:08 | nginx 1.22.1 |
shinypogk4jjniry5qi7247tznop6mxdrdte2k6pdu5cyo43vdzmrwid.onion
|
|||
|
This Domain Has Been Seized | Yes | 2026-05-18T05:17:42 | cloudflare |
breachforums.hn
|
||
|
SH | No | 2026-05-01T01:05:15 |
toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion
|
|||
|
DDOS Protection | Yes | 2026-05-18T05:18:33 |
shnyhntww34phqoa6dcgnvps2yu7dlwzmy5lkvejwjdo6z7bmgshzayd.onion
|
Target
Top 5 Activity Sectors
- Consumer Services 22
- Financial Services 20
- Technology 20
- Education 10
- Business Services 9
Top 5 Countries
-
United States
73
-
Germany
4
-
France
4
-
Japan
3
-
Singapore
2
Heatmap
Vulnerabilities Exploited (3)
| Vendor | Product | CVE | Source |
|---|---|---|---|
| Oracle | Oracle E-Business Suite (EBS) | CVE-2025-61882 | |
| Cisco | Cisco Unified Communications | CVE-2026-20045 | |
| Snowflake | Snowflake (credential stuffing / no MFA) | OAuth Abuse |
TTPs Matrix (6)
| Initial Access | Defense Evasion | Collection | Exfiltration | Impact | Reconnaissance |
|---|---|---|---|---|---|
| Unsecured Credentials: Private Keys | Use Alternate Authentication Material: Application Access Token | Data from Information Repositories | Exfiltration Over Web Service | Data Encrypted for Impact | Phishing for Information: Spearphishing Attachment |
| Phishing: Spearphishing Voice (Vishing) |
YARA Rules (1)
Indicators of Compromise (IoCs) (5)
Email
1
telegram
4
| Type | IOC |
|---|---|
Email
|
shinyc0rp@tuta.io
|
telegram
|
https://t.me/s/SLSH6
|
telegram
|
https://t.me/s/andrewfedman
|
telegram
|
https://t.me/shinygr0up
|
telegram
|
https://t.me/specialagentadam
|
Victims (103)
Your data was compromised in several of our campaigns throughout the past few months. We urge you to…
Over 16M unique persons records containing significant PII, financial/transactions (credit cards), K…
Nearly 9,000 schools worldwide affected. 275 million individuals data ranging from students, teacher…
Over 500k Salesforce records containing PII and other internal corporate data have been compromised.…
Salesforce records containing PII and other internal corporate data have been compromised. This is a…
Over 4M Salesforce records containing PII and other internal corporate data have been compromised. T…
Your Snowflake and Bigquery instances data was compromised thanks to Anodot.com. Pay or Leak. This i…
Over 1.4M records containing PII and other internal corporate data have been compromised. Pay or Lea…
Over 10M records containing PII and other internal corporate data have been compromised. Pay or Leak…
Over 500k Salesforce records containing PII have been compromised. Pay or Leak. This is a final warn…
Over 5.6M Salesforce records containing PII have been compromised. Pay or Leak. This is a final warn…
Over 25M Salesforce records containing PII have been compromised. Pay or Leak. This is a final warni…
Over 600k Salesforce records containing PII and other internal corporate data have been compromised.…
Over 8.7M records containing PII and other terabytes of internal corporate data have been compromise…
Your Bigquery instances data was compromised thanks to Anodot.com. Pay or Leak. This is a final warn…
Over 2.5M records containing PII and other internal corporate data have been compromised. Please rea…
Your Snowflake instances metrics data was compromised thanks to Anodot.com. Pay or leak. This is a f…
Over 1.7M Salesforce records containing PII and other internal corporate data have been compromised.…
Over 30M Salesforce records containing PII and other internal corporate data have been compromised. …
Over 13M Salesforce records containing PII and other internal corporate data have been compromised. …
Over 4.8M Salesforce records containing PII and other internal corporate data have been compromised.…
Over 45M Salesforce records containing PII data have been compromised. Pay or leak. This is a final …
Over 9.4M Salesforce records containing PII and other internal corporate data have been compromised.…
Sensitive customer PII data and transactional history data was compromised. Pay or leak. This is a f…
3 breaches ( UNC6040 , Salesforce Aura, and AWS accounts). Total over 3M Salesforce records containi…
Over 7.9M Salesforce records containing PII and other internal corporate data have been compromised.…
Over 350 GB+ of data was compromised, including data dumps of mail servers, databases, confidential …
BreachForums has been run by many fakes, but by us, following the FBI seizure on 10 Oct 2025. Mainta…
Several terabytes from Snowflake, Mixpanel, Salesforce, and ect. have been compromised. This is a fi…
Salesforce records containing PII and other internal corporate data have been compromised. The compa…
Salesforce records containing PII and over 200GB compressed Sharepoint internal corporate data have …
Salesforce records containing PII and other internal corporate data have been compromised. This is a…
Over 5M Salesforce records containing PII and other internal corporate data have been compromised. T…
Over 2M records containing PII and other internal corporate data have been compromised. The company …
Over 2M records containing PII and other internal corporate data have been compromised. This is a fi…
Over 800k records containing PII and other internal corporate data have been compromised. The compan…
Over 2M records containing PII and other internal corporate data have been compromised. This is a fi…
Several hundreds of companies set to release with FINAL WARNINGs upon failure to comply. To all affe…
Over 800k records containing PII and other internal corporate data have been compromised. This is a …
Salesforce records were compromised and other internal corporate data have been compromised. The com…
Several hundreds of millions of records containing PII, transaction/order data, other internal corpo…
Over 641k records containing PII and other internal corporate data have been compromised. This is a …
Records: 1.2M Records | Updated: 04 Feb 2026 | Note: Make the right decision, don't be the next head…
Size: 1.1GB (compressed) | Updated: 04 Feb 2026 | Note: Make the right decision, don't be the next h…
Size: 2.5GB (compressed) | Updated: 13 Feb 2026 | Note: Pay or be humiliated. | They were given mult…
Records: 10M Records | Updated: 28 Jan 2026 | Note: Your greed is killing you. | Don't be an idiot l…
Records: 14M Records | Updated: 27 Jan 2026 | Note: Don't be the next headline. | Don't be an idiot …
Size: 1.3 GB (compressed) | Records: 2M Records | Updated: 23 Jan 2026…
Size: 1.6 GB (compressed) | Records: 20M Records | Updated: 23 Jan 2026 | Note: Betterment better(ge…
[AI generated] Engie Resources is a subsidiary of Engie, a global energy player. The company provide…
[AI generated] Albertsons Companies, Inc. is one of the largest food and drug retailers in the Unite…
[AI generated] Telstra Corporation Limited is the largest telecommunications and media company in Au…
[AI generated] Red Hat, Inc. is a leading American multinational software company that provides open…
[AI generated] S&P Global is an American company that provides high-quality market intelligence in t…
[AI generated] CIC Vietnam is a Vietnamese consultancy firm that helps its clients develop business …
[AI generated] IKEA is a Swedish-based multinational company that designs and sells ready-to-assembl…
[AI generated] Chanel is a renowned French luxury fashion house founded by designer Coco Chanel in 1…
[AI generated] TransUnion is a global credit reporting agency that provides credit information and a…
[AI generated] Pandora.net is the official website of Pandora A/S, a company based in Denmark. It sp…
[AI generated] Cisco Systems, Inc. is a multinational company based in San Jose, California. It spec…
[AI generated] Google AdSense is a program run by Google through which website publishers in the Goo…
[AI generated] Air France & KLM is an international airline partnership under the parent company Air…
[AI generated] 1-800Accountant is a nationwide virtual accounting firm merging the convenience of te…
[AI generated] Saks Fifth Avenue is a luxury retail store originating from the United States. It is …
[AI generated] CarMax is a leading car dealership company in the United States that specializes in u…
[AI generated] Qantas Airways, an Australian-based airline, is indeed one of the oldest in the world…
[AI generated] TripleA is a fintech company that aims to simplify cryptocurrency transactions. It pr…
[AI generated] Adidas is a multinational corporation, founded in Germany in 1949. It is one of the l…
[AI generated] Cartier is a renowned French luxury goods conglomerate that specializes in designing,…
[AI generated] Puma is a globally renowned German multinational corporation that designs and manufac…
[AI generated] Petco is a leading pet specialty retailer in the US providing essential pet products …
[AI generated] Instacart is an American company that operates as a same-day grocery delivery and pic…
[AI generated] HBO Max is a premium streaming service offered by Home Box Office, Inc., a subsidiary…
[AI generated] Kering is a global luxury group that manages the development of renowned houses in fa…
[AI generated] Engie Resources (Plymouth) is one of the leading energy providers in the United State…
[AI generated] Albertsons Companies Inc. is one of the largest American grocery corporations, founde…
[AI generated] Instructure Inc. is a technology company that developed the Canvas Learning Managemen…
[AI generated] Fujifilm is a globally recognized Japanese multinational corporation known for its in…
[AI generated] HMH, or Houghton Mifflin Harcourt, is a long-established publishing company specializ…
[AI generated] GAP, INC. is an American multinational clothing and accessories retailer. The company…
[AI generated] ASICS is a globally recognized Japanese athletic equipment company. Founded in 1949 b…
[AI generated] KFC (Kentucky Fried Chicken) is a world-renowned fast food restaurant chain known for…
[AI generated] McDonald's is a global fast-food chain, established in the USA in 1940 by Richard and…
[AI generated] Stellantis N.V. is a multinational automotive manufacturing corporation, formed throu…
[AI generated] Walgreens is an American pharmaceutical retail company, established in 1901. It is on…
[AI generated] Vietnam Airlines is the national flag carrier of Vietnam, founded in 1956. Headquarte…
[AI generated] Marriott International is a renowned multinational hospitality company, headquartered…
[AI generated] Home Depot is the largest home improvement retailer in the United States. It is a one…
[AI generated] Aeroméxico is Mexico's flag carrier and a major international airline. Established in…
[AI generated] United Parcel Service (UPS) is an American multinational company that specializes in …
[AI generated] Republic Services, Inc. is a leading firm in recycling and non-hazardous solid waste …
[AI generated] Disney/Hulu refers to two separate entities, the Walt Disney Company and Hulu LLC. Wa…
[AI generated] FedEx Corporation is a multinational delivery services company headquartered in Memph…
[AI generated] Toyota Motor Corporation is a multinational automotive manufacturer headquartered in …