Snowflake A.I CyberSecurity Scoring
Snowflake
Company Information
Website: http://www.snowflake.com
Number of employees: 10,807
Number of followers: 1,199,156
NAICS: 5112
Industry Type: Software Development
Homepage: snowflake.com
Snowflake Risk Score (AI oriented)
Between 0 and 549
Updated: 14/04/2026
100/1000
Critical
C
Snowflake Global Score (TPRM)
Score locked

Current Score
100 C (CRITICAL)
20 incidents
-84.17 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
100
MAY 2026
100
APRIL 2026
100
Breach
13 Apr 2026 • Snowflake
Rockstar Games, Anodot and Snowflake: Hackers leak Rockstar Games data ahead of deadline, but breach reportedly limited to GTA Online content
ShinyHunters Breaches Rockstar Games, Leaks Data Ahead of Ransom Deadline
100
MEDIUM 0
ROCANOSNO1776126436
The hacker group ShinyHunters claims to have stolen sensitive data from Rockstar Games, leveraging an AI-powered tool called Anodot to breach the company’s Snowflake-based data warehouse. The group, which previously targeted Ticketmaster, set an April 14, 2026 deadline for ransom demands, warning of further leaks and digital disruptions if unmet. However, they have already begun releasing portions of the stolen data.
Initial leaks appear confined to GTA Online and Red Dead Online, with no evidence of compromised user personal data or details related to Grand Theft Auto VI. ShinyHunters explicitly stated in their message: “Your Snowflake instances were compromised thanks to Anodot.com. Pay or leak.”
Rockstar Games acknowledged the breach in a statement, confirming that a “limited amount of non-material company information” was accessed but insisting the incident poses no risk to operations or players. The company emphasized that the breach does not affect its infrastructure or user experience.
APRIL 2026
100
Breach
08 Apr 2026 • Snowflake
Anodot: Snowflake customers suffer data theft attacks after third-party issue, company confirms 'unusual activity'
ShinyHunters Breaches Anodot, Compromises Snowflake Customer Data in Supply Chain Attack
100
CRITICAL 0
ANO1775660105
The ShinyHunters extortion group has claimed responsibility for a supply chain attack on Anodot, an AI-driven cloud analytics platform, resulting in the theft of authentication tokens for over a dozen Snowflake customer accounts. The breach, detected in mid-2024, mirrors a previous campaign where the group exploited weak security measures, particularly the lack of multi-factor authentication (MFA), to infiltrate Snowflake environments.
Hackers gained access to Anodot’s infrastructure, extracting tokens that allowed them to compromise Snowflake customer accounts. While they attempted to breach Salesforce accounts as well, their efforts were reportedly blocked. Snowflake confirmed "unusual activity" tied to a third-party integration but emphasized that its core systems remained uncompromised. The company locked down affected accounts and notified impacted customers.
ShinyHunters, known for high-profile data theft and extortion, previously targeted Snowflake customers in early 2024, stealing sensitive data from major corporations, including AT&T, Ticketmaster, and Santander. The group has since resurfaced, claiming to have exfiltrated data from "dozens of companies" via the Anodot breach and is expected to pursue extortion demands. The incident underscores ongoing risks in third-party integrations and the critical need for robust authentication controls.
APRIL 2026
100
Breach
01 Apr 2026 • Snowflake
Goldman Sachs, McDonald’s, Jones Day and General Motors: Jones Day shares client data breach affecting 10 firms
Jones Day Hit by Phishing Attack, Client Data Accessed in Breach Claimed by Cybercriminal Group
100
CRITICAL 0
JONGENMCDGOL1775507547
Global law firm Jones Day confirmed a phishing attack in which hackers accessed files belonging to 10 clients, a breach later claimed by the cybercriminal group Silent. The incident, disclosed on Monday, involved unauthorized access to a limited set of dated client documents, according to a statement from spokesperson Dave Petrou. All affected clients have since been notified, though their identities remain undisclosed.
Silent, a known extortion-focused threat group, listed Jones Day as a victim on its dark web leak site, taking credit for the attack. The firm, which has previously faced cybersecurity incidents, including a 2021 breach with undisclosed details, represents high-profile clients such as Goldman Sachs, McDonald’s, and General Motors.
No further information on the scope of the compromised data or the timeline of the attack has been released. The incident underscores the persistent targeting of legal firms by cybercriminals seeking sensitive corporate information.
MARCH 2026
100
Ransomware
25 Mar 2026 • Snowflake
ZenBusiness: 'This is a final warning': Hackers say they'll leak "several terabytes" of ZenBusiness data
ShinyHunters Threatens ZenBusiness with Data Leak Deadline
100
CRITICAL 0
ZEN1774628650
The notorious ransomware group ShinyHunters has issued a "final warning" to ZenBusiness, a U.S.-based platform supporting small businesses with LLC formation, compliance, and back-office tools. The group threatened to leak terabytes of stolen data and create "several annoying (digital) problems" if a ransom is not paid by March 25.
Security researchers believe ShinyHunters gained access through vishing (voice phishing), impersonating IT staff to trick employees into granting remote access. Once inside, the group likely compromised platforms like Salesforce or Snowflake to exfiltrate sensitive data, potentially including customer PII, employee records, and internal operations details, which could undermine ZenBusiness’s competitive edge.
ZenBusiness, which serves freelancers, startups, and small businesses with an estimated $75 million in annual revenue, is the latest in a string of ShinyHunters targets. Recent victims include Infinite Campus (11 million affected), Telus Digital, Wynn Resorts, and Crunchyroll, highlighting the group’s aggressive and persistent campaign. The breach remains unconfirmed by ZenBusiness, but researchers warn of potential exposure risks.
MARCH 2026
100
Breach
10 Mar 2026 • Snowflake
Salesforce, Snowflake, Okta, Sony, LastPass and AMD: Salesforce Customer Data Breach Linked to ShinyHunters
ShinyHunters Exploits Salesforce Experience Cloud Misconfigurations in Large-Scale Data Theft
100
CRITICAL 0
SALLASAMDSNOSONOKT1773153462
The hacking group ShinyHunters has claimed responsibility for stealing data from approximately 100 major companies by exploiting misconfigurations in Salesforce’s Experience Cloud platform. According to reports, the group accessed information from around 400 websites and organizations, including high-profile targets like Snowflake, Okta, LastPass, Sony, AMD, and Salesforce itself.
Salesforce confirmed that a "known threat actor group" is actively scanning public-facing Experience Cloud sites (portals used for customer, partner, and employee interactions) due to overly permissive guest user configurations. The company clarified that the issue stems from customer-defined guest user profiles, not a vulnerability in Salesforce’s core platform.
### How the Attack Works
Experience Cloud sites can be configured to allow guest users (unauthenticated visitors) to view public pages and submit forms. However, if these guest profiles are granted excessive permissions, attackers can query and extract CRM data that was never intended to be public.
ShinyHunters reportedly used a modified version of AuraInspector, an open-source tool originally designed by Mandiant to detect misconfigurations in Salesforce’s Aura endpoints. The altered tool enables mass scanning of public-facing sites, extracting data when guest permissions are too broad.
### ShinyHunters’ Track Record
Active since 2019, ShinyHunters has been linked to numerous high-profile breaches, often employing "pay or leak" tactics, demanding ransoms to prevent data exposure. Recent incidents include the 2024 Snowflake breach, as well as attacks on universities and consumer platforms, leveraging phishing, social engineering, and SaaS misconfigurations.
### The Broader Risk of Misconfiguration
This incident highlights a persistent cybersecurity challenge: misconfiguration remains a leading attack vector. While SaaS platforms like Salesforce offer robust security controls, human error in permission settings can expose sensitive data. Experience Cloud’s flexibility, designed for public-facing portals, becomes a liability when guest user profiles are improperly configured, allowing unauthorized access to CRM records.
### Salesforce’s Response & Mitigation Steps
Salesforce has urged customers to:
- Audit guest user permissions across all Experience Cloud sites.
- Set default external access to "private" to block unauthenticated queries.
- Disable guest access to public APIs and remove API-enabled permissions from guest profiles.
- Monitor logs for unusual activity, such as large-scale scanning attempts.
The incident underscores the need for ongoing security reviews rather than one-time configurations, as cloud environments evolve and threat actors refine their tactics. With regulatory scrutiny and reputational risks escalating, enterprises must treat access control and governance as continuous priorities.
FEBRUARY 2026
100
Breach
23 Feb 2026 • Snowflake
Ticketmaster, Snowflake and Santander Bank: WHAS11
Major Data Breach Exposes Millions of Records in Third-Party Vendor Compromise
351
CRITICAL -251
BANSNOTIC1771979968
Cybersecurity Alert: Major Data Breach Exposes Millions of Records in Third-Party Vendor Compromise
A significant data breach has come to light after a third-party vendor, Snowflake, a cloud-based data warehousing company, fell victim to a targeted cyberattack. The incident, first detected in late May 2024, has exposed sensitive information belonging to multiple high-profile organizations, including Ticketmaster, Santander Bank, and Advance Auto Parts.
Attackers exploited stolen credentials to gain unauthorized access to Snowflake customer accounts, leveraging infostealer malware previously deployed on contractor systems. While Snowflake has stated that its platform itself was not breached, the compromise of customer credentials enabled threat actors to exfiltrate vast datasets. Ticketmaster confirmed that 560 million customer records, including names, payment details, and contact information, were stolen. Santander Bank reported that data from 30 million customers and employees, primarily in Chile, Spain, and Uruguay, was compromised, while Advance Auto Parts disclosed the theft of 3 terabytes of data, including employee and customer information.
Cybersecurity firm Mandiant, investigating the breach, linked the attack to a financially motivated threat group known as UNC5537, which has been active since at least 2020. The group is suspected of selling the stolen data on underground forums, raising concerns about potential follow-on attacks, including phishing and fraud.
The incident underscores the growing risks of supply chain vulnerabilities, particularly when third-party vendors lack robust authentication measures. While Snowflake has urged customers to enforce multi-factor authentication (MFA) and review access logs, the breach highlights the cascading impact of credential-based attacks in cloud environments. Affected organizations are now facing regulatory scrutiny, potential legal action, and reputational damage as they work to mitigate fallout.
JANUARY 2026
100
DECEMBER 2025
177
Ransomware
11 Dec 2025 • Snowflake
UnitedHealth, Ticketmaster, MGM Resorts, Ripple, Snowflake, Google, Allianz, Equifax, Maersk, Toyota, Merck and Oracle: 2025 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics
Global Cybercrime Surge and Major Incidents (2024-2025)
100
CRITICAL -77
MEREQUUNIMAEMGMGOOTOYSNOALLORARIPTIC1775528897
Cybercrime in 2025: A Global Threat Surpassing National Economies
Cybercrime continues to escalate into one of the world’s most lucrative illicit industries, with damages projected to reach $10.5 trillion USD globally in 2025, a figure that, if measured as a country, would rank as the third-largest economy after the U.S. and China. This staggering growth, driven by increasingly sophisticated attacks, underscores the evolving threat landscape as cybercriminals target businesses, governments, and individuals with alarming efficiency.
### The Cybercrime Epidemic: Key Trends
- Underreporting Persists: Despite improved reporting practices, less than 25% of global cybercrimes are reported to law enforcement, leaving vast swaths of criminal activity unaddressed.
- Youth-Driven Threats: The FBI reports that cybercriminals are getting younger, with the average age of arrested offenders dropping, a trend that complicates traditional law enforcement approaches.
- Hotspots Identified: A 2024 World Cybercrime Index ranked Russia, Ukraine, China, the U.S., Nigeria, and Romania as the top sources of cybercrime, highlighting concentrated hubs of malicious activity.
### Ransomware: A Pervasive Threat
Ransomware remains a dominant force, with attacks increasing 9% year-over-year in 2024. The most active groups (Akira, LockBit, RansomHub, FOG, and PLAY) targeted critical infrastructure, with 88% of small-to-midsized businesses (SMBs) and 39% of large enterprises experiencing breaches. The financial toll is staggering:
- $20 billion USD in 2021 (up from $325 million in 2015).
- Projected to exceed $265 billion by 2031, with attacks occurring every 2 seconds by 2031.
High-profile incidents in 2024–2025 include:
- UnitedHealth’s $1.6 billion loss after a ransomware attack disrupted U.S. healthcare payments.
- CDK Global’s auto dealership shutdowns, forcing businesses offline for days after a ransom demand in the tens of millions.
- MGM Resorts’ $100 million hit from a 2023 attack that crippled casino operations.
### Cryptocurrency Crime: A Booming Black Market
Cryptocurrency-related crimes surged, with $28 billion in illicit funds flowing into exchanges over two years. Key developments:
- Ripple co-founder Chris Larsen lost $112.5 million in a 2024 hack, one of the largest individual crypto thefts.
- Huione, a Cambodian marketplace, processed $70 billion in suspicious transactions since 2021, facilitating scams, fraud, and sanctioned activities.
- North Korea’s Lazarus Group was linked to the $625 million Axie Infinity hack (2022), the largest crypto theft to date.
### Major Breaches and Supply-Chain Attacks
2024–2025 saw a wave of supply-chain and cloud-based attacks, exposing vulnerabilities in interconnected systems:
- Snowflake Breach: Hackers exploited stolen credentials to access 560 million Ticketmaster records and Live Nation data, prompting a federal investigation.
- Salesforce Exploits: The ShinyHunters gang breached dozens of companies, including Google, Allianz, and Toyota, by targeting cloud databases.
- MOVEit Hack: The Clop ransomware group compromised 2,600+ organizations, including U.S. government agencies and global corporations.
- Oracle Cloud Attack: Over 100 companies were affected by a campaign targeting Oracle’s business software, with damages still being tallied.
### Historic Cyberattacks: Lessons from the Past
The report highlights landmark cyber incidents that reshaped security paradigms:
- Equifax (2017): 147 million records exposed, including Social Security numbers, due to an unpatched vulnerability.
- NotPetya (2017): A $10 billion attack originating in Ukraine, crippling Maersk, Merck, and global supply chains.
- WannaCry (2017): Infected 200,000 systems across 150 countries, demanding Bitcoin ransoms.
- Stuxnet (2010): A U.S.-Israeli cyberweapon that sabotaged Iran’s nuclear centrifuges.
- Heartbleed (2014): A catastrophic OpenSSL flaw that exposed 500,000 servers to data theft.
### The Future of Cybersecurity
While AI-driven defenses have reduced breach containment times to 241 days (the lowest in nine years), the same technologies are being weaponized by attackers. With 60% of global data now stored in the cloud and 6 billion internet users by 2025, the attack surface continues to expand. Small businesses remain particularly vulnerable: 60% fold within six months of a cyberattack.
As cybercrime evolves, the economic and operational risks demand heightened vigilance, though the battle against digital threats shows no signs of slowing.
DECEMBER 2025
445
Breach
02 Dec 2025 • Snowflake
AT&T Data Breach Settlement Eligibility: Customers Have Two Weeks Left To Claim Up To $7,500
AT&T Data Breaches Settlement
372
CRITICAL -73
ATT1764635319
Millions of AT&T customers may be entitled to receive up to $7,500 after the company was ordered to pay $177 million in a settlement related to two major data breaches. The deadline to submit claims has been extended to December 18, 2025, giving customers additional time to apply.
NOVEMBER 2025
126
Breach
28 Nov 2025 • Snowflake
23andMe Nets Approval for Bankruptcy Plan With Data Breach Deals
23andMe Data Breach and Bankruptcy Settlement
100
CRITICAL -26
23A1764346412
Fallen DNA testing firm 23andMe won court approval of a bankruptcy plan that includes settlements to provide up to $62 million to resolve thousands of data breach claims.
Judge Brian C. Walsh of the US Bankruptcy Court for the Eastern District of Missouri approved the plan in a Wednesday order, overruling most creditor objections and challenges from data breach victims.
Many of those former customers’ objections were deemed moot or premature, and several of them didn’t appear at a court hearing on the plan.
Objections from the Justice Department’s bankruptcy watchdog and a coalition of state attorneys general were resolved ...
NOVEMBER 2025
514
Breach
16 Nov 2025 • Snowflake
AT&T
AT&T Data Breach Settlement
441
CRITICAL -73
ATT3032030111625
AT&T is facing a $177 million class-action settlement following two alleged data breaches where sensitive customer data was exposed and released on the dark web. The breach involved highly sensitive personal information, including financial details, Social Security numbers, and other critical customer data. The leaked data poses significant risks, such as identity theft, financial fraud, and long-term reputational damage for affected individuals. Customers were advised to change passwords, enable two-factor authentication (2FA), monitor financial transactions, and consider freezing their credit to mitigate potential misuse. The breach underscores the severe consequences of unauthorized access to customer data, particularly when such information is traded or exploited on illicit platforms like the dark web.
OCTOBER 2025
509
Ransomware
03 Oct 2025 • Snowflake
Salesforce
Scattered Lapsus$ Hunters Ransomware Attack on Salesforce Customer Data via Salesloft Drift Integration
326
CRITICAL -183
SAL5592855100325
The ransomware group ShinyHunters (Scattered Lapsus$ Hunters) breached Salesforce by exploiting stolen OAuth tokens from Salesloft Drift’s AI chatbot integration, compromising 1.5 billion records across 760 companies (including Cisco, Disney, and Marriott). The leaked data includes PII (names, DOBs, passports, employment histories), shipping details, chat transcripts, flight records, and car ownership data—validated by cybersecurity researchers. Attackers first infiltrated Salesloft’s GitHub repository, extracting private source code and OAuth tokens, then laterally moved to Google Workspace, Microsoft 365, and Okta platforms of victims. The group demanded separate ransoms from Salesforce and listed 39 high-profile victims on a darkweb leak site, pressuring them to pay under threat of full data exposure. The attack leveraged social engineering (vishing, phishing, IT impersonation) to trick employees into granting access, highlighting vulnerabilities in third-party supply-chain integrations and weak 2FA/OAuth security controls.
SEPTEMBER 2025
707
AUGUST 2025
705
JULY 2025
562
Ransomware
10 Jul 2025 • Snowflake
Oracle
Clop Extortion Gang Exploits Zero-Day in Oracle E-Business Suite to Steal Corporate Data
489
CRITICAL -73
ORA4202442101025
The Clop ransomware gang exploited a zero-day vulnerability in Oracle’s E-Business Suite, a critical enterprise software used for managing customer data, HR files, and corporate operations. The attack, active since at least July 10, allowed hackers to steal significant amounts of sensitive data, including personal information of corporate executives and employees, as well as customer data from affected organizations. Oracle initially claimed the vulnerabilities were patched, but later confirmed the zero-day flaw enabled remote exploitation without authentication, meaning attackers could breach systems without credentials. Google’s security researchers revealed that dozens of organizations were compromised, with the Clop gang using the stolen data for extortion campaigns. The group has a history of mass-hacking via unpatched vulnerabilities in file transfer tools (e.g., MOVEit, GoAnywhere), amplifying risks of large-scale data leaks. Oracle’s delayed acknowledgment and the ongoing exploitation of the flaw suggest prolonged exposure, increasing potential damage to financial records, executive identities, and corporate intellectual property.
MAY 2025
743
Breach
01 May 2025 • Snowflake
AT&T
AT&T Data Breach Settlement for Two Cyber Incidents
695
CRITICAL -48
ATT0092600102125
AT&T experienced two distinct cyber incidents leading to a $177 million settlement. The first breach exposed sensitive personal data of customers, while the second involved call and text logs tied to the Snowflake ecosystem. Affected individuals—current or past customers—may qualify for up to $7,500 in compensation, split between two funds: $149M for compromised personal data and $28M for exposed communication logs. Claims require documentation of out-of-pocket losses (e.g., fraud fees, identity protection costs, ID replacement). The breach enabled risks like identity theft, phishing, and account takeovers, with telecom data (merging identity and call/text details) being highly sensitive. The extended filing deadline allows more victims to submit claims, but payments depend on claim volume and strength. The settlement underscores the financial and reputational fallout from large-scale data exposures in the telecom sector.
JANUARY 2025
463
Breach
01 Jan 2025 • Snowflake
Vercel: App Host Vercel Was Hacked Through a Third-Party AI Tool
Vercel Breach Exposes Customer Credentials via Third-Party AI Tool
421
CRITICAL -42
VER1776772360
Cloud hosting platform Vercel recently disclosed a security breach stemming from a compromised third-party AI tool. The incident, which occurred after an employee connected a Google Workspace OAuth app developed by Context AI to their corporate account, allowed threat actors to access internal systems.
Vercel confirmed that a "limited subset of customers" had credentials exposed, though the company stated that those not contacted were unaffected. The breach did not impact Vercel’s popular open-source projects, including Next.js and Turbopack, but the hacker claiming responsibility under the alias "ShinyHunters" allegedly gained access to employee accounts, API keys (including NPM and GitHub tokens), and source code. The stolen data is reportedly being sold on hacking forums.
The attack highlights the growing risk of supply chain compromises targeting developer tools and third-party integrations. Vercel has since implemented additional security measures and monitoring to mitigate further exposure. While the company has not verified all of the hacker’s claims, the incident underscores the increasing sophistication of attacks leveraging OAuth-based applications.
DECEMBER 2024
572
Breach
18 Dec 2024 • Snowflake
Don’t wait: Deadline to claim up to $7,500 in AT&T settlement is 2 weeks away. Do you qualify?
AT&T Data Breach Settlement
460
CRITICAL -112
ATT1764781901
The deadline to file a claim in the massive $177 million AT&T data breach settlement is approaching fast.
Eligible customers have about two weeks left to submit their claims before the Dec. 18 cutoff.
The settlement stems from two AT&T data breaches in 2024, which occurred just months apart and exposed personal information for millions of current and former customers.
What happened
The first breach, in March 2024, leaked addresses, dates of birth, billing account numbers, passcodes, and Social Security numbers belonging to 7.6 million current and 65.4 million former AT&T customers.
According to the settlement website, this information was released on the dark web.
The second breach, in July 2024, exposed call and text records for about 110 million customers between 2022 and 2023. These records were “illegally downloaded from our workspace on a third-party cloud platform,” the settlement states.
Multiple lawsuits followed, later consolidated and resolved with a settlement in the U.S. Northern District Court of Texas.
How much money could you receive?
Customers affected by either breach can file a claim, but payouts vary depending on which incident impacted them.
Those affected by both breaches may qualify for up to $7,500.
For those involved in the first breach, class members receive up to $5,000 if they can show the losses are “fairly traceable to the AT&T 1 Data Incident.”
Remaini
NOVEMBER 2024
774
Breach
01 Nov 2024 • Snowflake
Snowflake
Snowflake Data Breach
733
CRITICAL -41
SNO000110624
For much of the summer, Snowflake, a cloud data storage provider, was targeted by a series of data breaches affecting over 165 customers, exposing hundreds of millions of records. These customers included large corporations such as AT&T, Santander, and Live Nation Entertainment. Despite the breach's extensive reach, Snowflake has since implemented mandatory multifactor authentication. The disruptions caused by these incidents highlight the importance of robust cybersecurity practices.
JUNE 2024
670
Breach
16 Jun 2024 • Snowflake
AT&T
AT&T Data Breaches Settlement (2024)
597
CRITICAL -73
ATT0893608111425
AT&T faced two major data breaches in 2024 (March and July), exposing millions of customers' personal information, including Social Security numbers, birthdates, and phone records. The March incident involved leaked AT&T-specific fields on the dark web, while the July breach saw cybercriminals illegally download limited customer data. The breaches left customers vulnerable to identity theft and fraud, leading to a $177 million settlement—one of the largest in the telecom sector. The settlement covers current and former customers, offering compensation (up to $7,500 per person), free credit monitoring, and identity theft protection. AT&T denied wrongdoing but agreed to the settlement to avoid litigation, while committing to enhanced security measures like improved encryption and monitoring. The case highlights systemic vulnerabilities in telecom security, with regulatory bodies like the FCC and FTC likely to impose stricter breach notification rules and penalties.
JUNE 2024
810
Breach
01 Jun 2024 • Snowflake
Snowflake
Supply Chain Breach at Snowflake
769
CRITICAL -41
SNO1019070724
Snowflake faced a supply chain breach involving theft of customer credentials by ShinyHunters via a third-party contractor's employee. Affected clients like Ticketmaster and Santander lacked multifactor authentication, compromising over 160 companies' data.
JANUARY 2024
806
Breach
01 Jan 2024 • Snowflake
There Are Only 2 Weeks Remaining to Claim a Share of the Massive AT&T $177 Million Settlement
AT&T Data Breaches Settlement
699
CRITICAL -107
ATT1764820523
Millions of AT&T customers were horrified in 2024 to discover that their personal information had been exposed in a pair of serious data breaches. Following a court case, the company has been ordered to pay $177 million in a substantial settlement. If you're an affected customer, you may be eligible for compensation of up to $7,500.
For all the procrastinators out there, a court just extended the deadline. You now have until Dec. 18, 2025, to submit your claim. That means you only have two weeks left.
If you were affected by one or even both of the breaches, you're eligible for a payout. But this could be your final notice. The deadline is firm, and you don't want to miss this opportunity. Here's everything you need to know about how to file your claim and how much cash you could get.
What were these data breaches at AT&T?
The two data breaches related to AT&T's current $177 million settlement occurred in 2019 and 2024, although the company didn't acknowledge the 2019 breach until March 2024, weeks after it detected customer data spreading on the dark web.
The 2019 breach involved personal data, including Social Security numbers, birth dates and legal names, and it affected 7.6 million current AT&T customers and 65.4 million former account holders. Soon after the discl
JUNE 2023
816
Cyber Attack
16 Jun 2023 • Snowflake
Snowflake
Rise of Browser-Based Attacks: Phishing, ClickFix, OAuth Abuse, and Malicious Extensions
806
CRITICAL -10
SNO3992739091525
Snowflake, a cloud-based data warehousing company, suffered a series of breaches in 2023 due to browser-based credential phishing attacks targeting its customers. Attackers exploited Adversary-in-the-Middle (AiTM) phishing kits to bypass multi-factor authentication (MFA) and harvest login credentials from employees of Snowflake’s client organizations. The stolen credentials were then used to access Snowflake customer accounts, exfiltrate sensitive data, and demand ransom payments under threat of public exposure. The breach impacted multiple high-profile Snowflake customers, including ticketing platforms, financial institutions, and telecom companies, leading to the theft of millions of customer records—such as personally identifiable information (PII), financial data, and proprietary business intelligence. While Snowflake’s core infrastructure remained uncompromised, the attack exposed critical gaps in third-party identity security, particularly around session hijacking via stolen cookies and unmonitored OAuth integrations. The incident underscored the rising threat of browser-based attacks as a primary vector for large-scale data exfiltration, with attackers leveraging obfuscated phishing pages, malicious extensions, and social engineering to bypass traditional email security controls. The financial and reputational fallout included regulatory scrutiny, customer churn, and costly incident response efforts, as affected organizations scrambled to contain the damage, rotate credentials, and implement stricter browser security measures. The breach also highlighted the broader industry challenge of securing decentralized SaaS ecosystems, where legacy authentication gaps and user behavior remain prime targets for cybercriminals.