Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Resecurity alleged data leak claim after ShinyHunters Telegram screenshots

Data Leak
First reported
Last updated
Happening score
H score 16
1 unique sources, 1 articles

Summary

Hide ▲

ShinyHunters publicly claimed a Resecurity breach and posted screenshots on Telegram, asserting it had obtained employee data, internal communications, threat intelligence reports, and client information. Resecurity said the accessed environment was a honeypot with synthetic data, disputing that the material came from production systems. The disclosure matters because it turns a disputed intrusion into a visible data-leak allegation involving a cybersecurity firm and potentially sensitive internal records.

Related Happenings

House Homeland Security briefing request on Instructure attacks

Public Sector Action
First: 14.05.2026 23:19 Last: 14.05.2026 23:19 Sources 1

About this happening: The **House Committee on Homeland Security** requested **Instructure** appear for a briefing on the **recent attacks**, escalating congressional scrutiny of the Canvas compromise...

Open Happening

ShinyHunters Salesforce Experience Cloud misconfiguration campaign

Campaign
First: 10.03.2026 12:00 Last: 10.03.2026 12:00 Sources 1

About this happening: ShinyHunters is running an **active** **Salesforce Experience Cloud** campaign that exploits overly permissive guest-user settings to harvest data from **hundreds of companies**,...

Latest development: 16.04.2026 13:35

ShinyHunters leaked data tied to McGraw Hill after breaching the company's Salesforce environment earlier this month, and McGraw Hill said the intrusion exposed a limited set of data from a webpage hosted by Salesforce on its platform while not affecting its Salesforce accounts, courseware, customer databases, or internal systems. Have I Been Pwned said more than 100GB of files later appeared publicly and contained data linked to 13.5 million accounts.

Open Happening

ShinyHunters Salesforce Experience Cloud data theft claims

Data Leak
First: 09.03.2026 19:12 Last: 09.03.2026 19:12 Sources 1

About this happening: **ShinyHunters** has **claimed ongoing theft** of data from **Salesforce Experience Cloud** instances, putting exposed customer records at risk across **hundreds of organizations*...

Open Happening

Ariomex leaked database exposing 11,826 verified user records

Data Leak
First: 03.03.2026 16:30 Last: 03.03.2026 16:30 Sources 1

About this happening: A **newly obtained Ariomex database** exposed **11,826 verified user records**, creating a concrete view of activity tied to **sanctions evasion** and **large-scale capital transf...

Open Happening

Odido hit by network compromise

Incident
First: 12.02.2026 20:18 Last: 12.02.2026 20:18 Sources 1

About this happening: **Odido** said a **cyberattack** exposed personal data from its **customer contact system**, affecting **6.2 million customers** after unauthorized access was detected on the week...

Latest development: 24.02.2026 13:40

ShinyHunters claimed responsibility for breaching Dutch telecommunications provider Odido, added the company to its dark web leak site, and said it had stolen nearly 21 million records. The gang also claimed the stolen material includes internal corporate data and plaintext passwords, while Odido denied that passwords, call details, social security numbers, or billing data are involved.

Open Happening

Timeline

  1. 03.01.2026 22:34 1 articles · 4mo ago

    Resecurity detects probing of publicly exposed systems

    Exploitation Observed

    Resecurity first detected a threat actor probing its publicly exposed systems on November 21, 2025, and logged multiple IP addresses linked to the activity, including addresses originating from Egypt and Mullvad VPN services.

    Show sources
    Open in new tab
  2. 03.01.2026 22:34 2 articles · 4mo ago

    ShinyHunters posts Telegram breach claim

    Initial Disclosure

    ShinyHunters published Telegram screenshots on January 3, 2026, claiming full access to Resecurity systems and alleging theft of internal chats and logs, full employee data, threat intelligence reports, and a complete client list. The group said the alleged access was retaliation for supposed attempts by Resecurity employees to socially engineer the group and learn more about its operations, while Resecurity disputed the claim and said the accessed environment was a honeypot.

    Show sources
    Open in new tab
  3. 24.12.2025 02:00 1 articles · 5mo ago

    Resecurity report details honeypot monitoring

    Technical Analysis Update

    Resecurity's December 24 report says its DFIR team deployed a honeypot in an isolated environment with fake employee, customer, and payment data, observed the actor attempting to automate data exfiltration in December, and recorded more than 188,000 requests between December 12 and December 24 while using large numbers of residential proxy IP addresses. The company says it also shared telemetry and other intelligence with law enforcement and later narrowed the actor's infrastructure using additional fake datasets and proxy-failure OPSEC mistakes.

    Show sources
    Open in new tab