Crunchbase A.I CyberSecurity Scoring
Crunchbase
Company Information
Website:https://www.crunchbase.com/
Employees number:251
Number of followers:157,511
NAICS:5112
Industry Type:Software Development
Homepage:crunchbase.com
Crunchbase Risk Score (AI oriented)
Between 0 and 549
CrunchbaseSoftware Development
Updated:
04/04/2026
04/04/2026
440/1000
Critical
C
Crunchbase Global Score (TPRM)
xxxx
CrunchbaseSoftware Development
Score locked

CrunchbaseCritical
Current Score
440C (CRITICAL)
01000
4 incidents
-83.75 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
459
JUNE 2026
454
MAY 2026
449
APRIL 2026
440
MARCH 2026
435
FEBRUARY 2026
429
JANUARY 2026
490
Breach
28 Jan 2026 • Crunchbase
CrunchBase, Panera Bread, Match Group and Bumble: Bumble, Match, Panera Bread and CrunchBase hit by cyberattacks, Bloomberg News reports
Cyberattacks Target Bumble, Match, Panera Bread, and CrunchBase
426
MEDIUM-64
MATBUMCRUPAN1770710058
Cyberattacks Target Bumble, Match, Panera Bread, and CrunchBase
Several high-profile companies including dating platforms Bumble and Match, food chain Panera Bread, and corporate data provider CrunchBase were hit by cyberattacks, according to a Bloomberg News report on Wednesday. The incidents, confirmed by company spokespersons, varied in scope and impact.
Bumble stated that the intruders did not access its member database, accounts, direct messages, or profiles. Similarly, Match Group, parent company of Tinder, reported that a limited amount of user data was affected, though login credentials, financial information, and private communications remained secure.
CrunchBase disclosed that documents on its corporate network were compromised but contained the breach. Panera Bread confirmed an incident involving contact information and notified authorities.
The attacks highlight ongoing cybersecurity risks across industries, with companies emphasizing containment efforts and minimal exposure of sensitive data. No further details on the attackers or their motives were provided.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2026
581
Breach
12 Jan 2026 • Crunchbase
Crunchbase: Crunchbase Confirms Data Breach After Hacking Claims
Crunchbase Data Breach by ShinyHunters
488
CRITICAL-93
CRU1769440011
Crunchbase Confirms Data Breach as ShinyHunters Leaks 2M Records
Market intelligence firm Crunchbase has confirmed a data breach after the ShinyHunters cybercrime group published files allegedly stolen from its systems. The hackers claim to have exfiltrated over 2 million records, including personally identifiable information (PII), contracts, and corporate data, totaling 400 MB of compressed files posted online after Crunchbase refused to pay a ransom.
In a statement to SecurityWeek, Crunchbase acknowledged the incident, confirming that a threat actor accessed certain documents from its corporate network. The company stated that no business operations were disrupted, the breach has been contained, and systems are now secure. Crunchbase has engaged cybersecurity experts and notified federal law enforcement while reviewing the leaked data to determine if legal notifications are required.
Alon Gal, CTO of threat intelligence firm Hudson Rock, analyzed the leaked data and verified the presence of sensitive information. The breach follows a pattern of recent ShinyHunters attacks, with the group also claiming breaches at SoundCloud and Betterment.
- SoundCloud confirmed a mid-December breach affecting 20% of its users, exposing email addresses and public profile data but not passwords or financial information. While the company is reviewing the leaked files, it has found no evidence supporting the hackers’ claims of additional sensitive data theft. However, the attackers have since harassed users, employees, and partners.
- Betterment, a robo-advisor firm, disclosed a January 12 cybersecurity incident where threat actors gained access via social engineering and used it to send cryptocurrency scam messages to customers.
Separately, Hudson Rock’s Gal reported that ShinyHunters claims responsibility for a recent Okta SSO vishing campaign, linking the group to attacks on Crunchbase, SoundCloud, and Betterment. Okta has issued warnings about custom phishing kits enabling advanced voice-based social engineering, though it has not confirmed a direct connection to ShinyHunters’ recent activities. The kits have been used against Google, Microsoft, Okta, and cryptocurrency services.
The incidents highlight the group’s expanding targeting of high-profile companies, with ongoing investigations into the full scope of the breaches.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JANUARY 2026
645
Breach
09 Jan 2026 • Crunchbase
Betterment: Betterment Data Breach Exposes Customer Information In 2026
Betterment Data Breach Exposes Customer Information
581
CRITICAL-64
BET1768259382
Betterment Data Breach Exposes Customer Information in 2026 Social Engineering Attack
On January 9, 2026, Betterment, a leading automated investment and personal finance platform, disclosed a cybersecurity incident in which hackers exploited third-party marketing and operational tools to access customer data. The attackers employed social engineering tactics deception and impersonation to infiltrate systems, bypassing Betterment’s core security infrastructure.
The breach exposed personal information, including names, email and postal addresses, phone numbers, and dates of birth for an undisclosed number of customers. While Betterment confirmed that no account credentials or financial data were compromised, the attackers used the stolen information to send fraudulent cryptocurrency scam messages to some users, promising to triple their holdings in exchange for a $10,000 payment to a hacker-controlled wallet.
Betterment detected the breach the same day, revoking unauthorized access and launching an investigation with an unnamed cybersecurity firm. The company stated that no customer accounts were accessed, and login credentials remained secure. However, the incident has raised concerns about the risks posed by third-party integrations in financial services, as the attack did not target Betterment’s internal systems directly but rather exploited vulnerabilities in external platforms.
Betterment’s response has drawn criticism for its lack of transparency, including the use of a "noindex" tag on its security incident webpage, preventing search engines from indexing the details. As of January 12, 2026, the company had not disclosed the number of affected customers or further specifics about the attack. The ongoing investigation, along with regulatory scrutiny, may provide additional clarity in the coming weeks.
Cybersecurity experts note that social engineering attacks on financial platforms are increasing, emphasizing the need for stronger oversight of third-party vendors and employee training. The breach underscores the broader challenge of securing interconnected digital ecosystems, where even robust internal defenses can be undermined by external vulnerabilities.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
757
Breach
12 Dec 2025 • Crunchbase
SoundCloud confirms breach after member data stolen, VPN access disrupted
SoundCloud Security Breach and Data Theft
643
CRITICAL-114
SOU1765850792
SoundCloud Confirms Security Breach Impacting 28 Million Users
SoundCloud has confirmed that recent outages and VPN connectivity issues were caused by a security breach in which threat actors stole a database containing user information. The incident, detected over the past four days, led to widespread reports of users encountering 403 "forbidden" errors when accessing the platform via VPN.
In a statement to BleepingComputer, SoundCloud revealed that unauthorized activity was detected in an ancillary service dashboard, prompting the activation of its incident response procedures. While the company acknowledged that a threat actor accessed limited data, it clarified that no sensitive information—such as financial details or passwords—was compromised. The exposed data included only email addresses and publicly visible profile information.
The breach is estimated to affect approximately 20% of SoundCloud’s user base, translating to roughly 28 million accounts based on publicly reported figures. The company stated that all unauthorized access has been blocked and that no ongoing risk to the platform exists.
In response, SoundCloud has implemented additional security measures, including enhanced monitoring, improved threat detection, and a review of identity and access controls. However, a configuration change made during the response disrupted VPN access to the site, with no confirmed timeline for full restoration.
Following the breach, SoundCloud also faced denial-of-service (DoS) attacks that temporarily disabled its web availability. While the company has not identified the threat actor, BleepingComputer sources indicate that the ShinyHunters extortion gang is likely responsible. The group, which also claimed responsibility for a recent PornHub data breach, is reportedly attempting to extort SoundCloud after allegedly stealing user data. Further updates are expected as the investigation continues.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2025
757
OCTOBER 2025
757
SEPTEMBER 2025
757
AUGUST 2025
757
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Crunchbase ??
What was Crunchbase's A.I Rankiteo Cyber Score in June 2026 ??
What was Crunchbase's A.I Rankiteo Cyber Score in May 2026 ??
What was Crunchbase's A.I Rankiteo Cyber Score in April 2026 ??
What was Crunchbase's A.I Rankiteo Cyber Score in March 2026 ??
What was Crunchbase's A.I Rankiteo Cyber Score in February 2026 ??
What was Crunchbase's A.I Rankiteo Cyber Score in January 2026 ??
What was Crunchbase's A.I Rankiteo Cyber Score in December 2025 ??
What was Crunchbase's A.I Rankiteo Cyber Score in November 2025 ??
What was Crunchbase's A.I Rankiteo Cyber Score in October 2025 ??
What was Crunchbase's A.I Rankiteo Cyber Score in September 2025 ??
What was Crunchbase's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Crunchbase's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Crunchbase ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Crunchbase's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?