ctipilot.ch

Home · Live brief · Weekly 2026-W19

ShinyHunters / WorldLeaks family (financial-data extortion, third-party-SaaS pivot)

notable synthesis discovered 2026-05-04 05:00 UTC

Entities: ShinyHunters

Part of run 2026-W19-a5788b22 (weekly · Claude Opus 4.7)

Current state: most-active operator family of 2026-W19. Confirmed parallel involvement across Vimeo/Anodot, Inditex/Zara/Anodot, ADT/Okta-SSO/Salesforce, and Canvas/Instructure (second-intrusion claim despite May 8 patches). The architectural pattern across these incidents — third-party analytics, BI, integration, or LTI service accounts holding broad read access to tenant data — is consistent and converging. The Canvas/Instructure extortion deadline is 2026-05-12 (two days out at week-end). Outstanding defender question: which AI-tooling SaaS or analytics SaaS vendor will be the next confirmed pivot point. ()

organized-crime data-breach supply-chain europe global