Concise Cyber

ShinyHunters Data Breaches: A Factual Report on the Corporate Extortion Spree

The cybercrime group known as ShinyHunters has been identified as the perpetrator behind a series of high-profile data breaches and subsequent extortion campaigns targeting corporations worldwide. This group first gained notoriety in 2020 by offering massive datasets stolen from various companies for sale on dark web marketplaces.

Their activities represent a significant threat to corporate data security, involving the theft of sensitive customer information, source code, and other proprietary data, which is then used as leverage in extortion attempts or sold to other malicious actors.

Modus Operandi: Data Theft and Extortion

ShinyHunters’ primary method involves identifying and exploiting security vulnerabilities in corporate networks and cloud environments. The group has successfully compromised companies by accessing misconfigured cloud services and databases. In other documented instances, they have gained access to private source code repositories, such as those on Microsoft’s GitHub, by obtaining developer credentials or access tokens.

Following a successful breach, the group exfiltrates large volumes of data. The stolen information is then advertised on illicit forums. The group’s tactics have included direct extortion, where they contact the victim company and demand a ransom payment to prevent the public release or sale of the stolen data.

High-Profile Corporate Victims

Over the years, ShinyHunters has claimed responsibility for breaching numerous well-known organizations. One of their earliest and largest breaches involved the Indonesian e-commerce platform Tokopedia, from which they stole the data of over 91 million users. Another significant incident was the breach of the social storytelling platform Wattpad, exposing nearly 270 million user records.

More recently, the group was linked to the massive data theft from Ticketmaster, which impacted an estimated 560 million customers. This breach was part of a larger campaign targeting customers of the cloud data platform Snowflake. ShinyHunters also claimed responsibility for exfiltrating data belonging to millions of AT&T customers, which was later posted online.

Source: https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/