ctipilot.ch

Kodak confirms breach after ShinyHunters leak-site listing; June 18 deadline passed without publication

incident · incident:kodak-shinyhunters-breach

  • Coverage timeline: 1 (first 2026-06-20 → last 2026-06-20)
  • Briefs: 1 (1 distinct)
  • Sources cited: 3 (3 hosts)
  • Sections touched: 1 (active_threats)
  • Co-occurring entities: 4 (see Related entities below)

Story timeline

  1. 2026-06-20 · CTI Daily Brief — 2026-06-20
    active_threats · First coverage — ShinyHunters leak-site listing, Kodak confirmed limited access; 2.2M-record claim unverified

Where this entity is cited

  • active_threats: 1

Source distribution

  • bleepingcomputer.com: 1 (33%)
  • malwarebytes.com: 1 (33%)
  • securityweek.com: 1 (33%)

Related entities

Items in briefs about Kodak confirms breach after ShinyHunters leak-site listing; June 18 deadline passed without publication (1)

Kodak confirms breach after ShinyHunters leak-site listing; June 18 deadline passed without publication

From CTI Daily Brief — 2026-06-20 · published 2026-06-20

Eastman Kodak acknowledged on 17 June 2026 that "an unauthorized third party illegally gained access to a limited amount of company data," after ShinyHunters listed it on their dark-web leak site on 15 June claiming 2.2 million PII records and set an 18 June contact deadline (SecurityWeek, 2026-06-18; BleepingComputer, 2026-06-17). As of the deadline ShinyHunters had not published samples — consistent with the group's pattern of withholding proof to maximise leverage. Kodak did not disclose the access vector; ShinyHunters' 2026 campaign has leaned on misconfigured Salesforce Experience/Aura guest-user access, Oracle PeopleSoft (CVE-2026-35273) and Snowflake credential stuffing across 100+ victims, with the group claiming a 1.5-billion-record Salesforce corpus (BleepingComputer, 2026-06-17).

Defender takeaway: The Kodak claim is a leak-site listing with limited Kodak confirmation; treat the 2.2M figure as unverified. The transferable action for CH/EU defenders addresses the ShinyHunters platform pattern: audit Salesforce Experience Cloud for IsGuestEnabled=true profiles with object-level access to sensitive tables, alert on high-volume SOQL from guest sessions, and enforce IP restrictions on Salesforce orgs.