Figure email-record breach
Data Leak
Summary
Hide ▲
Show ▼
The Figure data breach exposed nearly 967,200 email records, creating a large pool of identifiers that can fuel credential stuffing and targeted phishing. The exposure also raises the risk of help-desk social engineering and downstream account takeover attempts. Even without a chained exploit, a leak of this size gives adversaries immediate operational input.
Related Happenings
Unnamed organization stolen data published on DLS
Data Leak
First: 06.05.2026 16:00
Last: 06.05.2026 16:00
Sources 1
About this happening:
**Stolen data** from an **unnamed organization** was later posted on a **data leak site (DLS)**, confirming exposure and increasing extortion pressure. The publication followed an...
Unnamed organization stolen data published on DLS
Data LeakAbout this happening: **Stolen data** from an **unnamed organization** was later posted on a **data leak site (DLS)**, confirming exposure and increasing extortion pressure. The publication followed an...
Anxun Information Technology (i-Soon) internal operations and toolkit leak
Data Leak
First: 17.03.2026 20:41
Last: 17.03.2026 20:41
Sources 1
About this happening:
In **mid-February 2024**, **Anxun Information Technology (i-Soon)** suffered a **data leak** that exposed its **internal operations** and **offensive toolkit**, revealing details...
Anxun Information Technology (i-Soon) internal operations and toolkit leak
Data LeakAbout this happening: In **mid-February 2024**, **Anxun Information Technology (i-Soon)** suffered a **data leak** that exposed its **internal operations** and **offensive toolkit**, revealing details...
CarGurus 12.4 million-record data leak
Data Leak
First: 24.02.2026 20:08
Last: 24.02.2026 20:08
Sources 1
About this happening:
A **6.1GB archive** tied to **CarGurus** was published, exposing **12.4 million records** and increasing phishing and scam risk for affected users. The dataset includes **email ad...
CarGurus 12.4 million-record data leak
Data LeakAbout this happening: A **6.1GB archive** tied to **CarGurus** was published, exposing **12.4 million records** and increasing phishing and scam risk for affected users. The dataset includes **email ad...
ShinyHunters vishing campaign targeting SSO accounts
Campaign
First: 02.02.2026 15:46
Last: 02.02.2026 15:46
Sources 1
About this happening:
The **ShinyHunters** group ran a **voice phishing** campaign against **single sign-on (SSO) accounts** at **Okta, Microsoft, and Google**, widening risk across **more than 100 hig...
ShinyHunters vishing campaign targeting SSO accounts
CampaignAbout this happening: The **ShinyHunters** group ran a **voice phishing** campaign against **single sign-on (SSO) accounts** at **Okta, Microsoft, and Google**, widening risk across **more than 100 hig...
Latest development: 26.05.2026 22:46
ShinyHunters claims it breached Charter Communications on April 1 by vishing an employee's Microsoft Entra account, then used that access to export millions of consumer and business customer records from the company's Salesforce instance; Charter says no sensitive personal information or CPNI was exfiltrated.
Unauthenticated Moltbot instances expose configuration data and credentials
Data Leak
First: 28.01.2026 19:46
Last: 28.01.2026 19:46
Sources 1
About this happening:
**Hundreds of unauthenticated Moltbot instances** were found exposing **configuration data**, **API keys**, **OAuth credentials**, and **private chat histories** to unauthorized p...
Unauthenticated Moltbot instances expose configuration data and credentials
Data LeakAbout this happening: **Hundreds of unauthenticated Moltbot instances** were found exposing **configuration data**, **API keys**, **OAuth credentials**, and **private chat histories** to unauthorized p...
Timeline
-
09.04.2026 17:02 2 articles · 1mo ago
Figure email-record breach
Initial DisclosureIn **February 2026**, Figure disclosed that **nearly 967,200 email records** were exposed in a newly revealed breach. The immediate concern is that the dataset can be reused for **credential stuffing** and **targeted phishing**.
Show sources
- When attackers already have the keys, MFA is just another door to open — www.bleepingcomputer.com — 09.04.2026 17:02
- When attackers already have the keys, MFA is just another door to open — www.bleepingcomputer.com — 09.04.2026 17:02