Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

ShinyHunters data-theft extortion campaign targeting Salesforce customers

Campaign
First reported
Last updated
Happening score
H score 51
2 unique sources, 2 articles

Summary

Hide ▲

The ShinyHunters extortion campaign is actively pressuring numerous companies with ransom demands tied to stolen data, increasing exposure for Salesforce customers and other cloud-service users.

Related Happenings

CoinbaseCartel escalates extortion activity with more than 100 victims

Threat Actor Meta
First: 18.05.2026 16:46 Last: 18.05.2026 16:46 Sources 1

About this happening: **CoinbaseCartel** has expanded its extortion operation, publicly listing **more than 100 victims** on a **data leak portal**. The growth signals a more scalable criminal ecosyste...

Open Happening

ShinyHunters school-by-school extortion campaign targeting Canvas institutions

Campaign
First: 11.05.2026 13:05 Last: 11.05.2026 13:05 Sources 1

About this happening: ShinyHunters intensified a **school-by-school extortion campaign** against **Canvas-related institutions**, increasing pressure on schools and universities as the group threatened...

Open Happening

Zara customer data leak exposing 197,400 people

Data Leak
First: 08.05.2026 13:42 Last: 08.05.2026 13:42 Sources 1

How related: The data breach notification service posted a brief note on its website explaining data stolen during an April 2026 incident included unique email addresses alongside product Stock Keeping Units (SKU), order IDs and information relating to support tickets.

About this happening: The **Zara** customer-data leak now exposes **197,400 people**, creating privacy and phishing risk across multiple markets. The exposed records include **unique email addresses**,...

Open Happening

Medtronic hit by network compromise

Incident
First: 27.04.2026 16:50 Last: 27.04.2026 16:50 Sources 1

About this happening: Medtronic disclosed a **network breach** that reached **certain corporate IT systems**, making it a confirmed victim of a cyber intrusion. The company said there was **no impact**...

Open Happening

ADT hit by data theft breach

Incident
First: 25.04.2026 01:53 Last: 25.04.2026 01:53 Sources 1

About this happening: **ADT** confirmed a **data breach** after detecting **unauthorized access** to customer and prospective customer data on **April 20, 2026**, and the company said it terminated the...

Open Happening

Timeline

  1. 11.05.2026 12:00 1 articles · 16d ago

    ShinyHunters campaign expands across Zara and Instructure

    Campaign Scope Update

    ShinyHunters' pay-or-leak campaign exposed data from Zara customers, with HaveIBeenPwned citing over 197,000 affected customers after an April 2026 incident that involved stolen Anodot authentication tokens reaching BigQuery and Snowflake, and the same operation later targeted Instructure's Canvas Learning Management System in late April 2026, affecting 8,809 users across 50 countries and aligning with other victims such as Vimeo, Rockstar Games and McGraw Hill.

    Show sources
    Open in new tab
  2. 07.04.2026 22:39 1 articles · 1mo ago

    Snowflake detects unusual activity after stolen tokens target customer accounts

    Initial Disclosure

    Over a dozen companies were hit after a SaaS integration provider was breached and authentication tokens were stolen, with most of the activity directed at Snowflake customer accounts. Snowflake said it detected unusual activity in a small number of accounts tied to a specific third-party integration, locked potentially impacted accounts, notified customers, and said the activity did not involve a vulnerability or compromise of its systems. ShinyHunters later claimed responsibility, said it stole data from dozens of companies this past Friday, and said an attempted Salesforce data theft was blocked by AI detection.

    Show sources
    Open in new tab