The ShinyHunters extortion group breached Charter Communications via a voice phishing attack that compromised an employee's Microsoft Entra account, which was then used to exfiltrate customer data from a Salesforce instance. This attack vector targets single sign-on credentials to access and steal data from SaaS applications for extortion purposes. The article does not describe a specific software vulnerability with associated CVSS scores or patchable versions, but rather a social engineering-driven account compromise incident.
Breach ShinyHunters extorts Charter Communications after data breach May 26, 2026 Share By SC Staff (Adobe Stock) Charter Communications has confirmed a data breach following a threat from the ShinyHunters extortion group to leak stolen data. The telecommunications giant, which serves millions of customers under the Spectrum brand, stated it is alerting authorities and claims no sensitive personal or customer proprietary network information was exfiltrated, based on information published by Bleeping Computer. The incident came to light after Charter was listed on ShinyHunters' data leak site, where the group claimed to have stolen 40 million records. ShinyHunters alleges they gained access on April 1 through a voice phishing attack that compromised an employee's Microsoft Entra account, subsequently exporting customer data from Charter's Salesforce instance. The stolen information reportedly includes names, email addresses, physical addresses, phone numbers, plan details, and some customer proprietary network information, along with support ticket data. This attack method is consistent with ShinyHunters' broader campaign targeting single sign-on accounts to access SaaS applications like Salesforce for data extortion. This follows previous attacks by the group on entities like the education technology firm Instructure, which also involved data theft and potential ransom payments. Source: Bleeping Computer SC Staff Related Breach The Oncology Institute reports patient data potentially exposed in third-party vendor breach SC Staff May 26, 2026 The Oncology Institute disclosed on May 20, 2026, that Kroll, a third-party administrator for an unnamed vendor, detected unauthorized access to systems that may have affected patient data. Breach Grafana Labs discloses GitHub environment breach, source code downloaded SC Staff May 18, 2026 The breach occurred after a threat actor obtained a compromised token. Breach American Lending Center data breach impacts over 123,000 individuals SC Staff May 15, 2026 The breach involved a ransomware attack where threat actors compromised the internal network and accessed files containing personal identifying information. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Attack Vector You can skip this ad in 5 seconds