Figure Technologies Data Breach: 1 Million Accounts Exposed by ShinyHunters
Figure Technology Solutions Suffers Cybersecurity Breach
A recent cybersecurity incident has exposed the personal and contact information of nearly one million accounts belonging to users of Figure Technology Solutions, a financial technology company built on blockchain infrastructure.
Breach Details
The breach, attributed to social engineering, resulted in the theft of sensitive data, including names, phone numbers, physical addresses, and dates of birth.
About Figure Technology Solutions
Figure Technology Solutions, founded in 2018, positions itself as a financial services platform that leverages the Provenance blockchain to facilitate lending, borrowing, and securities trading.
The company has unlocked over $22 billion in home equity and partners with more than 250 organizations, including banks, credit unions, and fintech companies.
Attack Details
The attack on Figure involved social engineering tactics, where an employee was tricked into providing access to internal systems.
The company has not detailed how access was granted or whether additional safeguards have been implemented.
Exposed Records
The exposed records, dating back to January 2026, contained over 900,000 unique addresses, along with sensitive personal data.
The breach was publicly disclosed on the data breach notification service Have I Been Pwned, which reported that data from 967,200 accounts had been exposed.
Incident Impact
The incident highlights the expanding reach of social engineering attacks, which target employees and exploit authentication workflows to gain access to sensitive data.
By impersonating trusted internal personnel, attackers can bypass layered security controls without deploying sophisticated malware.
Conclusion
The breach serves as a reminder that even companies built on emerging financial technologies remain exposed to traditional vulnerabilities, including the trust placed in human intermediaries.
In recent weeks, ShinyHunters has claimed breaches at several organizations, including online dating company Match Group, which owns platforms such as Tinder and OkCupid.
The group’s tactics reflect a shift in cybercrime tactics away from technical exploits and toward manipulation of individuals within organizations.
As cybersecurity threats continue to evolve, companies must prioritize robust security measures and employee education to prevent similar incidents.
About Author
English