In early April, the U.S. telecom giant Charter Communications fell victim to a cyber attack by the ShinyHunters extortion gang, resulting in the theft of personal information from 4.9 million accounts. This alarming breach was confirmed by the data breach notification service Have I Been Pwned.
Charter Communications, known for its Spectrum brand, serves over 32 million customers and more than 57 million homes in 41 states across the U.S. The company, with a workforce of 92,000 employees, offers internet, mobile, video, and voice services.
While Charter reassured that no sensitive personal information (PI) or customer proprietary network information (CPNI) data was compromised, the ShinyHunters gang claimed responsibility for the breach. They asserted that they gained access to the company’s systems through a voice phishing (vishing) attack on an employee’s Microsoft Entra account.
Despite the gang’s claims of stealing 42 million records, including customer names, email addresses, and phone numbers, Charter refuted the theft of CPNI data. The company emphasized that only sales tools related to managing business customers were impacted.
Following Charter’s refusal to pay the ransom demanded by ShinyHunters, the cybercriminal group leaked the stolen documents on their dark web leak site. Have I Been Pwned analyzed the leaked data, revealing that 4.9 million accounts were affected, with names, email addresses, job titles, phone numbers, and physical addresses being compromised.
ShinyHunters, known for targeting Salesforce customers, has executed numerous data theft attacks globally. The FBI has advised victims against meeting ransom demands, highlighting the risks of further extortion or data sale to other cybercriminals.
Notably, Charter Communications was also affected by a series of breaches orchestrated by the Chinese state-backed threat group Salt Typhoon, impacting several telecom giants such as AT&T, Verizon, and Windstream.
Update May 30, 03:23 EDT: Added Charter follow-up statement.
Automated pentesting tools offer value in assessing network vulnerabilities, but they may not fully test your security controls. Learn about the essential surfaces to validate for robust cybersecurity measures.
Download our comprehensive guide now to secure your digital assets.
EU Takes Action Against Instagram and Facebook for Violating Illegal Content Rules
Warning: Facebook Creators Face Monetization Loss for Stealing and Reposting Videos
Facebook’s New Look: A Blend of Instagram’s Style
Facebook Compliance: ICE-tracking Page Removed After US Government Intervention
Facebook and Instagram to Reduce Personalized Ads for European Users
InstaDub: Meta’s AI Translation Tool for Instagram Videos
Reclaim Your Account: Facebook and Instagram Launch New Hub for Account Recovery
Meta discontinues Messenger apps for Windows and macOS
Subscribe to our weekly newsletter below and never miss the latest News or an exclusive offer.
