ShinyHunters claims theft of 42m records from Charter Communications

The ShinyHunters extortion group said it breached American telecommunications and mass media company Charter Communications and stole over 42 million customer data records from the company’s systems.

 

The extortion group announced the attack on Charter Communications on 23 May, stating that it stole more than 42 million data records, including personally identifiable information, from the telecommunication giant’s systems.

 

ShinyHunters threatened on its dark web leak site that it would leak the stolen information online unless Charter Communication reached out to negotiate a ransom payment on or before 27 May. At the time of reporting, the threat group is yet to publish the stolen data online.

 

Headquartered in Stamford, Connecticut, Charter Communications offers telephone, cable, broadband internet, internet security and managed services to individuals and business customers across the United States. It is the largest cable operator in the U.S. and had a subscriber base of 32 million customers in 2022. According to Simply Wall Street, the company is projected to earn an annual revenue of $56.8 billion by 2028.

 

Following ShinyHunter’s announcement, Charter Communications said in a statement shared with BleepingComputer that it did suffer a cyber attack but the personal information of its residential and business customers was not impacted.

 

"We are aware of the situation, following our security protocols and are in the process of alerting appropriate authorities. "No sensitive personal information (PI) or customer proprietary network information (CPNI) data was exfiltrated by the threat actor as a result of recent activity," the company said.

 

The company is yet to formally announce the cyber attack through SEC filings, reports to Attorney Generals or through a press release on its website. 

 

BleepingComputer learned that the extortion group infiltrated Charter Communication’s network by carrying out a voice phishing attack targeting an employee’s Microsoft Entra account. After compromising the account on 1 April, the hackers accessed the company’s Salesforce instance and exfiltrated millions of data records to their own servers.

 

ShinyHunters told the publication that the stolen data records included Charter subscribers’ names, email addresses, billing addresses, phone numbers, and information about subscription plans and support tickets. Charter did not confirm or deny the hacker group’s claims.

 

ShinyHunters has regularly targeted major enterprises using phishing attacks to access their SaaS instances and exfiltrate vast amounts of data before demanding a ransom in exchange for not leaking the stolen data to the public. In February, the group reportedly stole up to 14 million records from American fast-food restaurant chain Panera Bread’s systems and later leaked the stolen data after the company refused to pay a ransom.