Charter Communications Confirms Data Breach Following ShinyHunters Extortion Threat

In a recent development, U.S. telecommunications giant Charter Communications has acknowledged a data breach after being targeted by the ShinyHunters extortion group. The group threatened to release stolen data unless a ransom was paid.

Charter Communications, known for being one of the largest broadband providers in the United States under its Spectrum brand, serves millions of residential and business customers.

According to a statement released by the company, authorities have been informed about the breach, and it was confirmed that no sensitive personal customer information was compromised.

“We are following our security protocols and have alerted the appropriate authorities regarding the incident. Fortunately, no sensitive personal information or customer proprietary network information was accessed by the threat actor,” Charter stated to BleepingComputer.

ShinyHunters’ Involvement

The confirmation from Charter comes after the company’s listing on the ShinyHunters data leak site, where the attackers claimed to have obtained 40 million records containing personal information of both consumer and business customers.

ShinyHunters claimed to have breached Charter on April 1 through a voice phishing attack that compromised an employee’s Microsoft Entra account. The threat actors used this access to extract millions of consumer and business customer records from the company’s Salesforce instance.

The stolen records reportedly include customer names, email addresses, addresses, phone numbers, phone types, plan information, and some CPNI data. The threat actor also alleged to have taken customer support ticket data.

When questioned about the additional data claimed to be stolen, including some CPNI, Charter redirected back to their initial statement.

ShinyHunters has been known for conducting social engineering campaigns targeting employees and BPO agents’ accounts, gaining access to corporate SSO accounts, and extracting data from various SaaS applications to extort companies.

One of the recent targets of the group was the education technology firm Instructure, where data from millions of students was compromised, leading to outages and data theft. Instructure reportedly reached an agreement with the extortion gang, likely involving a ransom payment to prevent the public release of the stolen data.

Automated pentesting tools offer value but focus on network traversal rather than testing control effectiveness or threat detection. This guide explores the critical surfaces requiring validation in your security framework.

Download Now