Data-Breach

ShinyHunters' Salesforce Campaign: Three Rounds, 1.5 Billion Records

ShinyHunters didn’t hack Salesforce. That distinction matters. Across three separate campaigns spanning mid-2025 through early 2026, the group — tracked by security researchers as UNC6040 and UNC6395 — systematically exploited how organizations configure, connect, and authenticate into Salesforce. The platform’s infrastructure was never the vulnerability. The integrations, the OAuth flows, and the guest user permissions were. ...

ShinyHunters defacement message displayed on Canvas login portals

Canvas Down: ShinyHunters Defaces Login Portals in Mass Instructure Extortion Campaign

The ShinyHunters extortion gang breached Instructure again, defacing Canvas login portals across hundreds of institutions and threatening to leak data on 280 million students and staff unless a ransom is paid by May 12.