Crunchbase has officially confirmed a security breach following the unauthorized publication of corporate data by the cybercrime group ShinyHunters. The hackers claim to have exfiltrated over 2 million records and released a significant volume of compressed files after the company declined to meet their ransom demands.
Crunchbase recently detected a cybersecurity incident involving the exfiltration of documents from its corporate network. The company reported that no business operations were disrupted and stated that the situation has been contained with systems now secured. Upon discovery, they engaged cybersecurity experts and notified federal law enforcement to assist with the investigation. The firm is currently reviewing the leaked data to determine if specific legal notifications are required for those impacted.
Independent analysis by threat intelligence experts has confirmed that the leaked files contain sensitive information, including personally identifiable data and various corporate contracts. This breach appears to be part of a broader campaign by the ShinyHunters group, which has also targeted other high-profile organizations. The group typically utilizes a leak website to distribute stolen data when companies refuse to pay for the return or destruction of the information.
SoundCloud and the investment firm Betterment have also been listed as victims by the same hacking collective. SoundCloud previously confirmed that a portion of its user base had email addresses and profile data accessed, though they noted that financial information and passwords remained secure. While the hackers claim to have stolen massive amounts of sensitive data from these platforms, the companies have been working to verify these claims and mitigate the harassment of their users and employees.
The breach at Betterment reportedly involved social engineering techniques that allowed attackers to send fraudulent messages to customers. These incidents highlight a growing trend of vishing and sophisticated social engineering campaigns used to bypass traditional security measures. Industry experts have linked these specific breaches to broader efforts to compromise corporate identity and access management systems through targeted deception.
Security providers have issued warnings about advanced phishing kits designed to facilitate these voice-based social engineering attacks. While some major tech firms have been identified as targets for these specific kits, investigators are still working to confirm the full extent of the connections between these various campaigns. The situation serves as a reminder of the persistent threats facing market intelligence and financial service providers in the current digital landscape.
Source: Crunchbase Confirms Data Breach Following Recent Hacking Claims