Concerns around corporate data security have resurfaced as a known cybercrime group returns to public activity, once again exposing stolen information after failed extortion attempts.
A financially driven cybercrime group has restarted its data leak operations on the dark web, renewing attention on how organisations handle extortion threats when negotiations collapse. The group, known as ShinyHunters, has reactivated its Tor-based leak site and begun publishing data it claims was taken from multiple well-known companies.
ShinyHunters has listed firms including SoundCloud, Betterment, and Crunchbase on its revived platform. This marks a return to methods the group has followed since at least 2020, when it became widely known for stealing large datasets and using the risk of public exposure to pressure victims into paying ransoms.
The group typically releases portions of stolen data when demands are not met. Both SoundCloud and Betterment had earlier acknowledged security incidents, and their names have now reappeared as part of the latest leak activity.
One of the most prominent claims involves Crunchbase. The company confirmed a data breach after ShinyHunters said it had stolen more than 2,000,000 personal records. The group stated that the extortion attempt failed and that it subsequently published a compressed archive of the data measuring around 402 MB.
The leaked files were distributed through ShinyHunters’ own infrastructure, consistent with its past operations. While the group has previously overstated claims, Crunchbase confirmed that an unauthorised party accessed its corporate network and exfiltrated certain documents.
In a statement shared with a security publication, Crunchbase said its core business operations were not affected and that the incident had been contained. The company said it identified a cybersecurity incident involving document exfiltration and acted quickly to secure its systems.
Crunchbase added that it engaged external cybersecurity experts to support the investigation and informed federal law enforcement authorities. The company said its systems are now secure and operating normally.
The firm is currently reviewing the data posted online to assess the full extent of exposure. It is also evaluating whether notifications are required under relevant legal and regulatory frameworks, including informing affected individuals or authorities, if necessary.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
