An operational map of data leaks, extortion, and public exposure, with a confidence level on every signal.
Updated 16m ago · 374 events · Toronto time
A post was observed on extortion infrastructure associated with BrainCipher. Impact and scope remain unconfirmed.
Historical breach catalogued by RansomLook: sisacloud.com exposing 992,887 records (148.68 M), originally indexed 2026-06-03.
Historical breach catalogued by RansomLook: cocacolaep.com exposing 13,370,207 records (2 G), originally indexed 2026-06-03.
Historical breach catalogued by RansomLook: urssaf.fr exposing 689,415 records (152.59 M), originally indexed 2026-06-03.
Historical breach catalogued by RansomLook: ultracube-mc exposing 734 records (159.27 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: starblast-mc exposing 22,917 records (8.33 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: velenhq-mc exposing 207 records (42.26 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: destinypvp-mc exposing 2,596 records (408.13 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: heavennetwork-mc exposing 1,358 records (387.06 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: averfight-mc exposing 2,008 records (777.62 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: andaria-mc exposing 6,748 records (1.41 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: darkfight-mc exposing 638 records (244.12 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: snkmcfr-maria-mc exposing 11,636 records (1.82 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: funcloud-mc exposing 256,141 records (36.99 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: venaria-mc exposing 1,654 records (348.92 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: freegen-mc exposing 9,712 records (4.38 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: odeliamc-mc exposing 6,322 records (1.1 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: taliaxcold-mc exposing 4,948 records (887.47 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: sparksmc-mc exposing 3,224 records (684.41 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: seasonsky-mc exposing 2,192 records (468.47 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: nostalgiamc-mc exposing 2,895 records (517.48 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: hardfight-mc exposing 2,044 records (784.97 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: nerdland-mc exposing 35,929 records (5.82 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: oneblock-mc exposing 14,018 records (2.38 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: xeonzia-mc exposing 1,110 records (681.62 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: stormfight-mc exposing 3,699 records (1.39 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: ytalliumnetwork-mc exposing 985 records (173.44 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: allforonesurvival-mc exposing 3,272 records (599.57 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: pixworld-mc exposing 5,592 records (1.14 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: pixelax-mc exposing 8,173 records (2.17 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: skylord-mc exposing 1,244 records (272.99 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: snkmcfr-shina-mc exposing 7,305 records (1.2 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: elitios-mc exposing 695 records (124.39 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: wizardmc-mc exposing 2,400 records (498.92 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: voltclicker-mc exposing 582 records (294.24 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: over2craft-mc exposing 4,379 records (941.11 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: legacyfight-mc exposing 5,178 records (894.01 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: soleriamc-mc exposing 15,007 records (2.92 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: ironcraft-mc exposing 7,185 records (3.49 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: energyfight-mc exposing 2,309 records (1.45 M), originally indexed 2026-05-26.
Prinz Eugen claims to have listed NEW PRINZ EUGEN SITE on its extortion site. The claim is unverified.
The Akira ransomware group claims to have breached Ntd Apparel, a Consumer Services firm, per an unverified listing on Ransomware.live.
According to RansomLook, Wallstreet claims to have listed Omax Autos on its extortion site. This claim is unverified.
PrinzEugen claims to have listed the NEW PRINZ EUGEN SITE on its extortion site for a data leak.
Qilin claims to have listed the Central Bank of Libya on its extortion site, per RansomLook; this claim is unverified.
The Gentlemen group claims to have listed MBO GmbH on its extortion site.
Dragonforce claims to have listed bits-pilani.ac.in (Education) on its extortion site. The claim is unverified.
Dragonforce claims to have listed mihana-v.com on their extortion site, according to Ransomware.live (unverified claim).
The Gentlemen listed CTM India Limited (motherson INDIA) on its extortion site, claiming to have breached the organization. This is an unverified claim.
The Gentlemen claims to have listed CTM India Limited, a manufacturing firm in India, on their extortion site.
The Gentlemen claims to have listed GIA Partners on its extortion site, per RansomLook. This is an unverified claim.
The Gentlemen claims to have listed Hooke Laboratories on its extortion site, per RansomLook, but this is unverified.
The Gentlemen claims to have listed Rowley Properties on its extortion site; the claim is unverified.
The Gentlemen group claims to have breached Canada Wide Media, a Canadian media company, according to a RansomLook extortion-site listing.
The Gentlemen claims to have listed ErgoMed on its extortion site, per RansomLook; the listing is unverified.
The Gentlemen group claims to have compromised the Royal Thai Navy Housing Cooperative, a Thai government entity. This is an unverified extortion listing.
The Gentlemen claim to have compromised International Freight Services, according to an unverified listing on RansomLook.
The Aurora ransomware group claims to have listed Dutch construction firm NTP B.V. on its extortion site; the claim is currently unverified.
The Gentlemen listed Keywest Projects on their extortion site, claiming to have breached the organization.
The CMD Organization claimed to have breached Union Tractor, an agriculture and food production company, and listed it on its extortion site.
Aurora claims to have breached the manufacturing company Kochs GmbH and lists it on its extortion site.
Aurora claims to have data from NationsBuilders Insurance Services, a financial services firm, according to an extortion-site listing on Ransomware.live.
Stormous claims to have posted an updated full data dump from jaggroup.com in an unverified extortion listing.
CMD Organization claims to have listed Wall ISD, a US education entity, on its extortion site.
Qilin claims to have listed Belz Institutions on RansomLook.
Qilin has listed Tri-tec on its extortion site, claiming to have breached the organization.
Qilin claims to have breached Taiwan Sintong Machinery Co., Ltd, a manufacturing firm, as listed on Ransomware.live.
The Qilin ransomware group claims to have compromised Sivatel Bangkok, a telecommunication firm, according to a listing on Ransomware.live.
Qilin claims to have listed Florida Engineering Services, a construction firm
INC Ransom claims to have breached jktornel, per a RansomLook extortion-site listing. The claim is unverified.
Stormous claims to have listed a full data dump from jaggroup.com on Ransomware.live.
Nova claims to have breached Lockers IT, a technology company, according to an unverified listing on Ransomware.live.
Nightspire claims to have listed Artistic Smiles, a Consumer Services organization, on its extortion site. The claim is unverified.
A post was observed on extortion infrastructure associated with Nova. Impact and scope remain unconfirmed.
Icarus claims to have breached DEADLINE MONDAY, as listed on RansomLook; the claim is unverified.
INC Ransom claims to have breached Newspaper Media Group, a consumer services firm, according to a listing on Ransomware.live.
WorldLeaks claims to have listed L'Archevque & Rivest Ltée on its extortion site, but the claim is unverified.
The Payload ransomware group claims to have breached Brazilian publisher Editora Irmãos Vitale, listing them on their extortion site.
Payload has listed Preferred Properties on its extortion site, claiming to have breached the organization.
Qilin claims to have breached Pacific Lamp & Supply, a manufacturing firm, and listed it on its extortion site (unverified).
WorldLeaks claims to have data from manufacturing firm Super Finishing.
Payload claims to have targeted financial services firm ENB Versicherungen (myenb.ch), as per an unverified extortion-site listing.
Payload ransomware group claims to have breached Qualiflex Solutions, a business services firm, as listed on Ransomware.live.
Ransomexx claims to have data from Go2Joy, a hospitality and tourism firm, per an unverified extortion listing on Ransomware.live.
Nova ransomware group claims to have breached Dosab, a manufacturing company, according to an extortion listing on Ransomware.live.
The ransomware group Nova claims to have breached business services firm Hosab, according to an unverified listing on Ransomware.live.
Unverified claim: Nova listed MIT HJERTE (healthcare) on its extortion site, claiming a breach.
Nova claims to have breached One Believing Interiors, a consumer services firm, according to an unverified extortion-site listing.
CMD Organization claims to have breached Pinnacle Re-Tec, a business services company, listing them on their extortion site.
LockBit 5 claims to have breached majorcineplex.com, a hospitality and tourism firm, per an unverified extortion listing.
LockBit 5 claims to have breached parkviewtaipei.com, a hospitality and tourism entity, as listed on Ransomware.live.
LockBit 5 claims to have breached ponce-benzo.com, as per an unverified extortion site listing on Ransomware.live.
LockBit 5 claims to have attacked parampackaging.com, a manufacturing firm, according to a listing on Ransomware.live.
LockBit 5 claims to have listed healthcare organization primelinkbio.com on their extortion site, per Ransomware.live.
LockBit 5 claims to have compromised saico.co.th, a Business Services firm. The listing is unverified.
LockBit 5 claims to have breached sanatoriodelta.com, a healthcare entity, according to an unverified listing on Ransomware.live.
LockBit 5 listed saude.mt.gov.br (Public Sector) on its extortion site, claiming a breach. The claim is unverified.
LockBit 5 claims to have listed sparkinter.com, a Technology sector company, on its extortion site.
LockBit 5 claims to have breached teleton.org.hn (healthcare), per an unverified listing on Ransomware.live.
A post was observed on extortion infrastructure associated with LockBit 5. Impact and scope remain unconfirmed.
LockBit 5 claims to have listed venelectronics.com, a manufacturing company, on their ransomware extortion site.
LockBit 5 claims to have listed weinwurm.cc on its extortion site, per Ransomware.live. This is an unverified claim.
LockBit 5 claims to have breached nundungopee.mu, per an unverified extortion listing on Ransomware.live.
LockBit 5 claims to have targeted utb.edu.vn, listed on its extortion site as an unverified breach.
Thegentlemen listed hiddenn on their extortion site, claiming to have breached the organization.
Thegentlemen claims to have listed manufacturing firm Vera Chimie Management on their extortion site via Ransomware.live, an unverified claim.
An unverified claim by Thegentlemen states they have listed Alexander Buch Bilanzbuchhalter (business services) on their extortion site.
Thegentlemen claims to have breached SGS Malaysia, a business services firm, in an unverified extortion listing.
A post was observed on extortion infrastructure associated with Thegentlemen. Impact and scope remain unconfirmed.
Thegentlemen claims to have data from Ty Thac Co, as listed on Ransomware.live, but this is an unverified claim.
Thegentlemen has listed Amigest, an agriculture and food production company, on their extortion site, claiming a breach. This claim is unverified.
Thegentlemen claims to have listed Yudu Technology on their extortion site; the claim is unverified according to Ransomware.live.
A post was observed on extortion infrastructure associated with Thegentlemen. Impact and scope remain unconfirmed.
Thegentlemen claims to have listed transportation/logistics firm Sertrans on its extortion site; the claim is unverified.
Thegentlemen claims to have breached Cofaq, as listed on Ransomware.live.
Thegentlemen claims to have breached Al Khaja Holding, a business services firm, according to an unverified listing.
CMD Organization listed Southern design RV on its extortion site, claiming to have breached the consumer services firm. This claim is unverified.
Thegentlemen claims to have breached Athens Orthopedic Clinic, a healthcare organization, according to an unverified extortion listing.
In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later publi…
Brain Cipher claims to have listed themintgaming.com on its extortion site, per RansomLook, in an unverified claim.
A post was observed on extortion infrastructure associated with Krybit. Impact and scope remain unconfirmed.
Krybit claims to have breached coemi.com.br, as listed on RansomLook's extortion site. This claim is unverified.
BrainCipher claims to have data from themintgaming.com, a consumer services firm, according to a listing on Ransomware.live. This claim is unverified.
The Krybit group has listed the business services firm www.mupras.com on its extortion site, claiming to have breached its systems.
The Gentlemen claims to have listed Athens Orthopedic Clinic on their extortion site.
Roth Industries, a manufacturing firm, was listed on Qilin's extortion site, claiming to have breached their data.
Qilin claims to have breached Sparkle Pools, a Consumer Services firm, per an unverified extortion-site listing.
Stormous claims to have a 10GB data dump from public sector org mlit.com.my (listed on Ransomware.live). Unverified claim.
The Qilin ransomware group claims to have breached construction firm PJ Daly Contracting, listing them on their extortion site.
Extortion group Nova claims to have breached Desert Micro, a technology company, according to a listing on Ransomware.live.
A post was observed on extortion infrastructure associated with Pear. Impact and scope remain unconfirmed.
Aurora claims to have breached Hagerman & Company (Business Services) in an unverified extortion site listing on Ransomware.live.
Anubis claims to have compromised KTR Real Estate Advisors, a financial services firm, in an unverified extortion site listing.
A post was observed on extortion infrastructure associated with Aurora. Impact and scope remain unconfirmed.
Icarus listed Klue.com on its extortion site, claiming to have breached the technology company.
ShinyHunters claims to have breached icsecurity.com, as listed on the RansomLook extortion site. The claim is unverified.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
In June 2026, fashion retailer Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign . The group subsequently published hundreds of gigabytes of data they claimed was obtained from the organisation's Salesforce instance, including 140…
A post was observed on extortion infrastructure associated with Cloak. Impact and scope remain unconfirmed.
On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation , a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies wi…
Business services firm THL PROJECT MANAGEMENT SDN. BHD. claims to have been breached by the Qilin ransomware group, as listed on Ransomware.live.
Qilin claims to have listed Homes By J Anthony (construction) on its extortion site; the claim is unverified.
The Qilin ransomware group claims to have listed ATCOM Outsourcing, a business services firm, on its extortion site
The Pear ransomware group claims to have listed B & B Trading on its extortion site, per an unverified RansomLook entry.
Release Marine, Inc. is listed by the Pear group on RansomLook as an unverified extortion claim.
Threat actor Pear listed Kirbor Homes on its extortion site, claiming to have breached the organization, per RansomLook.
Qilin claims to have listed Skupina Don Don - GRUPO BIMBO (Agriculture and Food Production) on its extortion site.
Akira claims to have breached Berg Lilly and listed the organization on its extortion site.
The Gentlemen claims to have listed hiidden on its extortion site, per RansomLook. This is an unverified claim.
Rhysida claims an unverified breach of construction firm Lawson Roofing, per an extortion site listing
A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Bravox. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lynx. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with The Gentlemen. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with The Gentlemen. Impact and scope remain unconfirmed.
The Gentlemen listed Yudu Technology on their extortion site, claiming to have breached the organization.
The Gentlemen group claims to have listed Burris MacOmber on their extortion site, per RansomLook.
The Gentlemen group claims to have listed Sertrans on its extortion site, as observed on RansomLook. This listing is unverified.
The Gentlemen claims to have listed Cofaq on their extortion site, but this claim is unverified.
The Gentlemen group claims to have breached Al Khaja Holding, based on an unverified RansomLook extortion-site listing.
LockBit 5 claims to have data from sweetome.com, listed on RansomLook's extortion site. The claim is unverified.
LockBit 5 claims to have breached probat.ag, according to an unverified listing on RansomLook.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with The Gentlemen. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with The Gentlemen. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with The Gentlemen. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with The Gentlemen. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Akira. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lynx. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Genesis. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Genesis. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with INC Ransom. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lynx. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with ShinyHunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with ShinyHunters. Impact and scope remain unconfirmed.
In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign . The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k u…
A post was observed on extortion infrastructure associated with Inc Ransom. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Ransomhouse. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Play. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Lamashtu. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Play. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Play. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Akira. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Space Bears. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Krybit. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Gunra. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Gunra. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Krybit. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Space Bears. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Ransomhouse. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Inc Ransom. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Inc Ransom. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shadowbyt3$. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Fulcrumsec. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Dragonforce. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Aurora. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Aurora. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Aurora. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Akira. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Nova. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Cloak. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Cloak. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Cloak. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Icarus. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Payload. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Space Bears. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Nova. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Inc Ransom. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with The Gentlemen. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with The Gentlemen. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Brain Cipher. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Brain Cipher. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.
In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been…
A post was observed on extortion infrastructure associated with Anubis. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Payoutsking. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Leaknet. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Ailock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Bavacai. Impact and scope remain unconfirmed.
In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k uniq…
In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along w…
In June 2026, the University of Nottingham was the target of a cyber attack , later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with e…
In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site . In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Sa…
In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email…
In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2…
In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached . Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses…
In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresse…
In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign . The group later published the data, wh…
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign . The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part o…
In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group . After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The…
In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign . The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environme…
In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters , with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers…
No signals found
Try removing a filter or searching for another term.