A financially motivated cybercrime group has resurfaced its data leak operations on the dark web, reviving questions about how companies respond when extortion attempts fail and stolen information is released anyway.
A Leak Site Comes Back to Life
The cybercrime group known as ShinyHunters has resumed activity on its Tor-based data leak site, publishing material it claims was stolen from several well-known companies, including SoundCloud, Betterment and Crunchbase. The renewed postings mark a return to tactics the group has used since at least 2020, when it emerged as a prolific actor in financially motivated data theft and extortion.
ShinyHunters has built its reputation by stealing large volumes of personal and corporate data and using the threat of public exposure as leverage. When ransom demands are not met, the group typically releases portions of the data on underground forums or dedicated leak sites. Both SoundCloud and Betterment had previously confirmed security incidents, and their names reappeared on the group’s site as part of the latest update.
The Crunchbase Breach Claim
Among the newly highlighted cases, Crunchbase confirmed a data breach after ShinyHunters claimed responsibility for stealing more than two million personal records from its systems. According to the group, the incident ended with a failed extortion attempt, after which it published a compressed archive of data totaling approximately 402 megabytes.
The leak was made available through the group’s own infrastructure, following a pattern seen in earlier ShinyHunters operations. While the group has a history of exaggerating or selectively presenting stolen data, Crunchbase acknowledged that an unauthorized party had accessed and exfiltrated certain documents from its corporate network.
Company Response and Containment
Crunchbase said that its core business operations were not disrupted and that the incident had been contained. In a statement to SecurityWeek, the company said it detected a cybersecurity incident involving the exfiltration of certain documents and took immediate steps to secure its systems.
The company reported engaging external cybersecurity experts to assist with the investigation and notifying federal law enforcement authorities. According to Crunchbase, its systems are now secure, and there has been no impact on ongoing operations.
Reviewing Exposure and Legal Obligations
Crunchbase said it is reviewing the data posted online to determine the scope of the exposure and whether legal notifications are required under applicable regulations. As part of its incident response procedures, the company is assessing what information was impacted and whether affected individuals or regulators must be informed.
