Threat Intelligence , Data Security Multiple other companies purportedly breached by ShinyHunters, over 9M record leak warned April 20, 2026 Share By SC Staff (Adobe Stock) Hacking operation ShinyHunters has claimed to have compromised nine major brands, including fast fashion retailer Zara, convenience store chain 7-Eleven, and cruise line operator Carnival Corporation, while warning that it would release over 9 million records with personally identifiable information and internal data should the demanded ransom remain unpaid by Apr. 21, Cybernews reports. Zara allegedly had its BigQuery instances breached following the hack of Israeli AI analytics company Anodot, which was previously reported to have enabled the infiltration of Rockstar Games ' Snowflake environment. Inditex, the parent firm of Zara, had already confirmed identifying unauthorized access to its databases without directly naming Anodot. On the other hand, 7-Eleven was claimed to have had its systems compromised through the breach of its Salesforce environment, resulting in the theft of more than 600,000 records. Other firms exposed via Salesforce were global ecommerce firm Pitney Bowes, financial services firm Canada Life Assurance Company, ultra-luxury hospitality company Aman Resorts, and commercial real estate broker Marcus & Millichap. ShinyHunters also purportedly stole over 8.7 million records from Carnival Corporation. Such a development comes as U.S. home security provider Alert 360 had 2.5 million records spilled by the hacking group following the company's refusal to fulfill its demands. SC Staff Related Threat Intelligence Nearly $300M stolen from Kelp DAO cross-chain bridge heist SC Staff April 20, 2026 Cybernews reports that major liquid restaking protocol Kelp DAO had 116,500 rsETH, or almost $292 million, stolen following an attack against its LayerZero-powered cross-chain bridge on Apr. 18, surpassing the over $280 million losses recorded from the crypto heist against Solana-based decentralized finance exchange Drift Protocol. Threat Intelligence Trojanized TestDisk installer, Microsoft binary tapped for illicit ScreenConnect deployment SC Staff April 20, 2026 Trojanized TestDisk installer, Microsoft binary tapped for illicit ScreenConnect deployment Attacks launching a malicious TestDisk installer and exploiting a Microsoft-signed binary for DLL side-loading have enabled the clandestine injection of the ConnectWise ScreenConnect remote monitoring and management software as part of a search engine optimization poisoning campaign, according to GBHackers News. Phishing Tycoon 2FA relinquishes crown to similar PhaaS platforms SC Staff April 20, 2026 Last month's takedown of over 300 active domains used by the Tycoon 2FA phishing-as-a-service platform, which was once the most prolific PhaaS kit, has prompted threat actors to transfer to the Mamba 2FA, Sneaky 2FA, and EvilProxy platforms that have since integrated Tycoon 2FA's tools, according to SecurityWeek. Related Events Cybercast Better Threat Intelligence Between Public and Private Sectors On-Demand Event Virtual Conference Nationwide Cybersecurity Summit 2025: Safeguarding America’s Digital Future On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Bit Botnet Brute Force Cipher Ciphertext Covert Channels Cryptanalysis Darknet Data Aggregation Information Warfare You can skip this ad in 5 seconds