Optimizely Data Breach After Vishing Attack
Summary
An ongoing wave of vishing-led breaches attributed to ShinyHunters has claimed a new victim: Aura, a digital safety firm. The attack exposed contact details of nearly 900,000 individuals, stemming from a marketing tool inherited in a 2021 acquisition. ShinyHunters claimed the theft of 12GB of files containing PII and corporate data, releasing it after failed extortion attempts. The company emphasized no SSNs, passwords, or financial data were compromised and is conducting an internal review with law enforcement involvement. Earlier in February, Optimizely disclosed a similar breach following a voice phishing attack that compromised basic business contact information. Both incidents underscore the continued exploitation of vishing tactics by ShinyHunters to gain initial access to organizations, with impacts focused on contact data rather than deeper system compromise.
Timeline
- 23.02.2026 20:04 · 2 articles · 24d ago
  Optimizely Confirms Data Breach After Vishing Attack
  On February 11, Optimizely suffered a data breach after a voice phishing attack. The attackers stole basic business contact information from internal systems and CRM records. The company warned customers about potential follow-up phishing attacks and linked the incident to the ShinyHunters extortion operation.
  Sources:
  - Ad tech firm Optimizely confirms data breach after vishing attack — www.bleepingcomputer.com — 23.02.2026 20:04
  - Aura confirms data breach exposing 900,000 marketing contacts — www.bleepingcomputer.com — 19.03.2026 00:56
Information Snippets
- Optimizely was targeted in a sophisticated voice phishing attack on February 11.
  First reported: 23.02.2026 20:04 · 1 source, 1 article
  - Ad tech firm Optimizely confirms data breach after vishing attack — www.bleepingcomputer.com — 23.02.2026 20:04
- The attackers stole basic business contact information from internal systems and CRM records.
  First reported: 23.02.2026 20:04 · 1 source, 1 article
  - Ad tech firm Optimizely confirms data breach after vishing attack — www.bleepingcomputer.com — 23.02.2026 20:04
- The breach did not escalate privileges, install software, or create backdoors.
  First reported: 23.02.2026 20:04 · 1 source, 1 article
  - Ad tech firm Optimizely confirms data breach after vishing attack — www.bleepingcomputer.com — 23.02.2026 20:04
- Optimizely warned customers about potential follow-up phishing attacks using stolen data.
  First reported: 23.02.2026 20:04 · 1 source, 1 article
  - Ad tech firm Optimizely confirms data breach after vishing attack — www.bleepingcomputer.com — 23.02.2026 20:04
- The incident is linked to the ShinyHunters extortion operation, which has targeted SSO accounts at Microsoft, Okta, and Google.
  First reported: 23.02.2026 20:04 · 1 source, 1 article
  - Ad tech firm Optimizely confirms data breach after vishing attack — www.bleepingcomputer.com — 23.02.2026 20:04
- Aura confirmed a data breach exposing nearly 900,000 marketing contacts after a voice phishing attack targeting an employee.
  First reported: 19.03.2026 00:56 · 1 source, 1 article
  - Aura confirms data breach exposing 900,000 marketing contacts — www.bleepingcomputer.com — 19.03.2026 00:56
- The breach compromised names, email addresses, home addresses, and phone numbers of 20,000 current and 15,000 former Aura customers.
  First reported: 19.03.2026 00:56 · 1 source, 1 article
  - Aura confirms data breach exposing 900,000 marketing contacts — www.bleepingcomputer.com — 19.03.2026 00:56
- The data originated from a marketing tool used by a company acquired by Aura in 2021.
  First reported: 19.03.2026 00:56 · 1 source, 1 article
  - Aura confirms data breach exposing 900,000 marketing contacts — www.bleepingcomputer.com — 19.03.2026 00:56
- The ShinyHunters threat group claimed responsibility for the attack, alleging they stole 12GB of files containing PII and corporate data, and leaked the data after failed extortion negotiations.
  First reported: 19.03.2026 00:56 · 1 source, 1 article
  - Aura confirms data breach exposing 900,000 marketing contacts — www.bleepingcomputer.com — 19.03.2026 00:56
- Social Security Numbers, account passwords, and financial information were not compromised in the Aura breach.
  First reported: 19.03.2026 00:56 · 1 source, 1 article
  - Aura confirms data breach exposing 900,000 marketing contacts — www.bleepingcomputer.com — 19.03.2026 00:56
- Aura is conducting an internal review with external cybersecurity experts and has informed law enforcement authorities.
  First reported: 19.03.2026 00:56 · 1 source, 1 article
  - Aura confirms data breach exposing 900,000 marketing contacts — www.bleepingcomputer.com — 19.03.2026 00:56
- Have I Been Pwned (HIBP) added the leaked data to its database and noted that 90% of the email addresses were already present from past incidents.
  First reported: 19.03.2026 00:56 · 1 source, 1 article
  - Aura confirms data breach exposing 900,000 marketing contacts — www.bleepingcomputer.com — 19.03.2026 00:56
Similar Happenings
Figure Fintech Breach Exposes 967,200 Accounts via Social Engineering
Figure Technology Solutions, a blockchain-based fintech firm, suffered a data breach affecting nearly 1 million accounts. Hackers stole personal and contact information through a social engineering attack. The breach was attributed to the ShinyHunters extortion group, which leaked 2.5GB of data from loan applicants. The attackers impersonated IT support to trick employees into providing access to SSO accounts, gaining entry to various enterprise applications.
ShinyHunters Leak 600K Canada Goose Customer Records
ShinyHunters, a data extortion group, claims to have stolen over 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose has not found evidence of a breach in its own systems but is investigating the dataset, which includes customer names, email addresses, phone numbers, billing and shipping addresses, IP addresses, and partial payment card information. The data could be used for targeted phishing, social engineering, and fraud. ShinyHunters denies any link to recent SSO attacks, claiming the data originated from a third-party payment processor breach in August 2025.
Grubhub Data Breach and Extortion Attempt by ShinyHunters
Grubhub confirmed a recent data breach where unauthorized individuals accessed and downloaded data from its systems. The company stated that sensitive information such as financial data or order history was not affected. However, sources indicate that the ShinyHunters cybercrime group is extorting Grubhub, demanding Bitcoin to prevent the release of stolen Salesforce and Zendesk data. The breach is believed to be connected to stolen credentials from the recent Salesloft Drift data theft attacks.
ShinyHunters Breach Affects Checkout.com Legacy Cloud Storage
Checkout.com, a global payment processing firm, disclosed a data breach involving a legacy cloud storage system compromised by the ShinyHunters threat group. The breach affected less than 25% of its current merchant base and included data from 2020 and earlier. The company refused to pay the ransom and instead plans to donate the amount to cybersecurity research at Carnegie Mellon University and the University of Oxford Cyber Security Center. The compromised data includes internal operational documents and onboarding materials. ShinyHunters is known for exploiting vulnerabilities and using social engineering tactics to extort large organizations.
Crimson Collective targets multiple organizations including Red Hat and Brightspeed for data theft and extortion
The Crimson Collective has been targeting various organizations, including Red Hat and Brightspeed, for data theft and extortion. The group claims to have breached Red Hat's private GitLab repositories, stealing nearly 570GB of data across 28,000 internal projects, including 800 Customer Engagement Reports (CERs) containing sensitive information about customer networks and platforms. The breach occurred approximately two weeks prior to the announcement. The hackers claim to have accessed downstream customer infrastructure using authentication tokens and other private information found in the stolen data. The affected organizations span various sectors, including finance, healthcare, government, and telecommunications. Red Hat has initiated remediation steps and stated that the security issue does not impact its other services or products. The hackers published a complete directory listing of the allegedly stolen GitLab repositories and a list of CERs from 2020 through 2025 on Telegram. The Centre for Cybersecurity Belgium (CCB) has issued an advisory stating there is a high risk to Belgian organizations that use Red Hat Consulting services. The CCB also warns of potential supply chain impact if service providers or IT partners worked with Red Hat Consulting. The CCB advises organizations to rotate all tokens, keys, and credentials shared with Red Hat or used in any Red Hat integrations, and to contact third-party IT providers to assess potential exposure. The ShinyHunters gang has now joined the extortion attempts against Red Hat, partnering with the Crimson Collective. ShinyHunters has released samples of stolen CERs on their data leak site and has set an October 10th deadline for Red Hat to negotiate a ransom demand to prevent the public leak of stolen data. The breach is part of a series of supply chain threats involving compromised code repositories. In May 2024, threat actors exploited a critical vulnerability (CVE-2023-7028) to take over GitLab accounts. 
GitLab disclosed and patched two similar vulnerabilities (CVE-2024-5655 and CVE-2024-6385) that jeopardized customers' CI/CD pipelines. Nissan Motor Co. Ltd. has confirmed that information of approximately 21,000 customers has been compromised due to the Red Hat breach. The leaked data includes full names, physical addresses, phone numbers, email addresses, and customer data used in sales operations. Financial information such as credit card details was not exposed in the breach. Nissan noted that the compromised Red Hat environment does not store any other data beyond what was confirmed as impacted. Nissan has no evidence that the leaked information has been misused. This is the second cybersecurity incident for Nissan Japan this year, following a Qilin ransomware attack in late August that hit its design subsidiary Creative Box Inc. (CBI). The Crimson Collective has also claimed responsibility for a breach at Brightspeed, an ISP operating across 20 US states. The group claims to have obtained PII on over one million customers and disrupted their connectivity. The PII includes account master records, address coordinates, payment history, payment methods, and appointment/order records. The group posted samples of the data on Telegram and claimed to have disconnected users' home internet. Jacob Krell from Suzu Labs commented on the broader implications of such breaches, noting their societal and national security impact.