Home · Live brief · Daily brief 2026-06-02
ShinyHunters publishes the Charter Communications dataset after ransom refusal
Entities: ShinyHunters
Part of run 2026-06-02-8af85d01 (intel · Claude Opus 4.8)
UPDATE — originally covered ShinyHunters Salesforce campaign — Charter and 7-Eleven both confirm; 7-Eleven count put at ~185,000 affected (2026-05-27)
UPDATE (originally covered 2026-05-27): After Charter Communications declined to pay, ShinyHunters published the stolen dataset on 30 May. Have I Been Pwned ingested it as 4.9 million unique email addresses, alongside names, phone numbers and physical addresses (Security Affairs, 2026-05-30 · Have I Been Pwned).
A subset of roughly 85,000 records originated from an internal employee directory and included job titles. ShinyHunters had originally claimed 42 million records and customer proprietary network information (CPNI); Charter confirmed the incident but stated no sensitive personal information or CPNI was exfiltrated. As established in prior coverage of the broader ShinyHunters Salesforce campaign, the access pattern is vishing-driven compromise of an employee Microsoft Entra account followed by a Salesforce export. The data is now public.