Crunchbase confirms data breach after ShinyHunters leak millions of records

Market intelligence firm Crunchbase confirmed a data breach after hackers published files allegedly stolen from its corporate network, exposing what the attackers claim are more than 2 million records containing personal and corporate information.

The cybercrime group ShinyHunters claimed responsibility for the intrusion and said it exfiltrated data from Crunchbase systems before releasing more than 400 megabytes of compressed files online. The group published the data after the company declined to pay a ransom.

Crunchbase said it detected a cybersecurity incident involving the unauthorized exfiltration of certain documents from its network and emphasized that business operations were not disrupted. The company said the incident has been contained and its systems are secure. It also said it engaged external cybersecurity experts and notified federal law enforcement upon discovering the breach. Crunchbase acknowledged that some information has been posted online and said it is reviewing the impacted data to determine whether notifications are required under applicable laws.

Analysis of the leaked files by Alon Gal, chief technology officer at Hudson Rock, identified personally identifiable information, contracts, and other internal corporate data among the exposed materials.

The ShinyHunters leak site also lists additional alleged victims, including SoundCloud and robo-advisor Betterment, with claims that several gigabytes of data containing tens of millions of records were stolen.

SoundCloud previously disclosed a data breach in mid-December, stating that email addresses and publicly available profile information for roughly 20 percent of its users had been accessed. The company said passwords and financial data were not compromised. After the stolen files were published, SoundCloud said it was reviewing the leaked material. In a Jan. 13 update, the company said attackers had harassed users, employees, and partners but that it had not found evidence supporting claims that sensitive data had been taken.

Betterment disclosed a cybersecurity incident on Jan. 12, saying threat actors gained access to its systems through social engineering and used that access to send cryptocurrency-related scam messages to some customers.

Gal said the ShinyHunters group claimed responsibility for a recent vishing campaign targeting single sign-on services and identified Crunchbase, SoundCloud, and Betterment as victims. Identity and access management provider Okta has issued a private warning to customers about ongoing vishing attacks and published a blog post describing custom phishing kits designed for advanced voice-based social engineering. Okta said such tools have been used to target organizations including Google and Microsoft, as well as cryptocurrency services, but has not confirmed whether those campaigns are connected to the recent ShinyHunters activity.