ShinyHunters Oracle PeopleSoft data theft and extortion campaign
Campaign
Summary
Hide ▲
Show ▼
An active ShinyHunters data theft and extortion campaign is targeting Oracle PeopleSoft customers, with claims of stolen data from 300 instances across more than 100 organizations. The operation spans cloud and on-premises deployments and appears to use old and zero-day vulnerabilities plus credential-spray tooling to gain access. Defenders are being urged to check for the listed infrastructure and treat affected PeopleSoft environments as potentially compromised.
Related Happenings
Nottingham University data publication on ShinyHunters leak site
Data Leak
H score42
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
How related:
The threat actor told BleepingComputer that Nottingham University is a victim of these attacks, and that its data has already been published on the ShinyHunters data leak site.
About this happening:
**Nottingham University** data has been **published on the ShinyHunters leak site**, turning the theft into a confirmed public exposure and raising downstream misuse risk. The pub...
Nottingham University data publication on ShinyHunters leak site
Data LeakHow related: The threat actor told BleepingComputer that Nottingham University is a victim of these attacks, and that its data has already been published on the ShinyHunters data leak site.
About this happening: **Nottingham University** data has been **published on the ShinyHunters leak site**, turning the theft into a confirmed public exposure and raising downstream misuse risk. The pub...
Silent Ransom Group US law firm IT impersonation campaign
Campaign
H score36
First: 29.05.2026 16:00
Last: 29.05.2026 16:00
Sources 1
About this happening:
**Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
Silent Ransom Group US law firm IT impersonation campaign
CampaignAbout this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
Storm-1175 high-velocity exploit campaign
Campaign
H score59
First: 06.04.2026 19:56
Last: 06.04.2026 19:56
Sources 1
About this happening:
**Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...
Storm-1175 high-velocity exploit campaign
CampaignAbout this happening: **Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...
ShinyHunters Salesforce Experience Cloud misconfiguration campaign
Campaign
H score51
First: 10.03.2026 12:00
Last: 10.03.2026 12:00
Sources 1
About this happening:
ShinyHunters is running an **active** **Salesforce Experience Cloud** campaign that exploits overly permissive guest-user settings to harvest data from **hundreds of companies**,...
ShinyHunters Salesforce Experience Cloud misconfiguration campaign
CampaignAbout this happening: ShinyHunters is running an **active** **Salesforce Experience Cloud** campaign that exploits overly permissive guest-user settings to harvest data from **hundreds of companies**,...
Latest development: 16.04.2026 13:35
ShinyHunters leaked data tied to McGraw Hill after breaching the company's Salesforce environment earlier this month, and McGraw Hill said the intrusion exposed a limited set of data from a webpage hosted by Salesforce on its platform while not affecting its Salesforce accounts, courseware, customer databases, or internal systems. Have I Been Pwned said more than 100GB of files later appeared publicly and contained data linked to 13.5 million accounts.
ShinyHunters voice-phishing campaign targeting SSO accounts for extortion
Campaign
H score62
First: 24.01.2026 01:35
Last: 24.01.2026 01:35
Sources 1
About this happening:
A **ShinyHunters**-linked extortion campaign is using **voice phishing** to target **Salesforce customers** and steal data for ransom, with the operation first surfacing in **May...
ShinyHunters voice-phishing campaign targeting SSO accounts for extortion
CampaignAbout this happening: A **ShinyHunters**-linked extortion campaign is using **voice phishing** to target **Salesforce customers** and steal data for ransom, with the operation first surfacing in **May...
Latest development: 27.04.2026 17:43
ShinyHunters breached ADT after compromising an employee's Okta single sign-on (SSO) account in a vishing attack, then used that access to reach ADT's Salesforce instance and steal data. Have I Been Pwned said the exposed data affected 5.5 million people and included names, phone numbers, addresses, and in a small percentage of cases dates of birth and partial Social Security numbers or Tax IDs; the group later leaked an 11GB archive after extortion failed.
Timeline
-
10.06.2026 21:31 2 articles · 0h ago
Oracle PeopleSoft customers receive ShinyHunters extortion demands
Initial DisclosureOracle PeopleSoft cloud and on-premises customer instances were identified as targets of widespread data theft attacks, and affected customers were receiving extortion demands signed by the ShinyHunters extortion gang.
Show sources
- Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks — www.bleepingcomputer.com — 10.06.2026 21:31
- Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks — www.bleepingcomputer.com — 10.06.2026 21:31
-
10.06.2026 21:31 1 articles · 0h ago
ShinyHunters claims data theft from 300 Oracle PeopleSoft instances
Attribution UpdateShinyHunters confirmed it was behind the Oracle PeopleSoft attacks and claimed stolen data from 300 instances across more than 100 organizations, saying the operation used a gadget chain of old and zero-day vulnerabilities and that success varied by instance configuration.
Show sources
- Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks — www.bleepingcomputer.com — 10.06.2026 21:31