ShinyHunters Revives Leak Site Leads to Crunchbase Confirming Data Breach -

Post Views: 36

“Recently, ShinyHunters revives leak site, which led to the confirmation of a data breach by Crunchbase.”

The data leak operations of a financially driven cybercrime group have reappeared on the dark web, raising concerns about how businesses react when extortion tactics fail and stolen data is nevertheless made public.

A Leak Site Resurrects

On its Tor-based data leak website, the criminal gang ShinyHunters has restarted operations, posting content it claims was taken from a number of well-known businesses, including SoundCloud, Betterment, and Crunchbase.

The gang has been using similar strategies since at least 2020, when it became a prominent player in financially driven data theft and extortion, as seen by the renewed postings.

By stealing massive amounts of corporate and personal data and using the fear of public exposure as coercion, ShinyHunters has established its name. The organization usually posts parts of the data on underground forums or special leak sites if ransom demands are not fulfilled.

As part of the most recent upgrade, SoundCloud and Betterment’s identities resurfaced on the group’s website, both of which had previously confirmed security incidents.

Crunchbase

Following an unsuccessful effort at extortion, it released a compressed archive of material that was roughly 402 megabytes in size.

There has been no effect on ongoing operations, and its systems are now secure.

The Claim of the Crunchbase Breach

Among the recently reported incidents, Crunchbase verified a data breach following ShinyHunters’ alleged theft of over two million personal records from their servers.

As was the case with previous ShinyHunters operations, the leak was made accessible using the group’s own infrastructure. Crunchbase admitted that an unauthorized party had accessed and exfiltrated several papers from its corporate network, despite the group’s history of inflating or selectively disclosing stolen data.

Response and Containment of the Company

According to Crunchbase, the situation has been isolated, and its primary business operations have not been affected. The company said in a statement to SecurityWeek that it immediately took action to safeguard its systems after discovering a cybersecurity problem involving the exfiltration of specific documents.

The business stated that it notified federal law enforcement authorities and hired outside cybersecurity specialists to help in the investigation.

Examining Legal Requirements and Exposure

In order to ascertain the extent of the exposure and whether legal notifications are necessary in accordance with relevant rules, Crunchbase stated that it is examining the data that has been exposed online.

The company is evaluating what information was impacted and whether affected parties or regulators need to be notified as part of its incident response protocols.

About The Author

Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking. Find out more about “Him.”