Charter Communications data breach affects 4.9 million accounts

The ShinyHunters gang stole personal information from 4.9 million accounts after hacking US telecommunications giant Charter Communications in early April, according to data breach notification service Have I Been Pwned.
Charter has more than 92,000 employees and provides Internet, mobile, video, and voice services to more than 32 million customers and more than 57 million homes in 41 states across the US through its Spectrum product.
The company confirmed the breach earlier this week, saying the attackers did not steal sensitive customer information and that it had reported the incident to authorities.
“No sensitive personal information (PI) or customer network identity (CPNI) data was released by the threat actor as a result of the recent activity,” Charter told BleepingComputer.
While Charter has not attributed the attack and has not provided further details, the ShinyHunters gang claimed responsibility and told BleepingComputer that it breached the company’s systems on April 1 in a phishing attack that compromised an employee’s Microsoft Entra account.
The threat actors say they used this access to steal 42 million records from the company’s Salesforce instance, including customer and business names, email addresses, residential addresses, phone numbers, phone types, system information, support ticket data, and other CPNI data.
After the company refused to pay the ransom ShinyHunters demanded for the stolen data to be returned and destroyed, the cybercrime group leaked the stolen documents from Charter’s Salesforce instance on its dark web leak site.
BleepingComputer also contacted Charter about the gang’s claims that it had stolen more CPNI data, but was referred back to the company’s original statement.

Although Charter declined to share more details, including whether the threat actors also extracted CPNI data from its systems, Have I Been Pwned analyzed the leaked data and confirmed that the incident affected 4.9 million accounts, whose names, email addresses, job titles, phone numbers, and physical addresses were stolen.
“The group later published the data, revealing 4.9M unique email addresses as well as names, phone numbers and addresses,” said Have I Been Pwned. “A small collection of approximately 85k records from internal personnel directories also included job titles.”
ShinyHunters has been targeting Salesforce customers for the past year, breaching hundreds of companies worldwide and claiming the theft of billions of records in the Salesforce Aura data theft attack and the Salesforce Drift campaign.
The FBI recently advised victims of ShinyHunters not to give in to the gang’s ransom demands, after previously warning that paying would not guarantee that the threat actors would refrain from selling the stolen data to other hackers or committing fraud again.
Charter Communications’ systems were also put at risk in the wave of Chinese government-backed Salt Typhoon breaches that also affected AT&T, Verizon, Consolidated Communications, Windstream, and Lumen, as well as phone companies in many other countries.




