ShinyHunters Leaks Spectrum Customer Data After Charter Refuses to Pay Ransom
The ShinyHunters threat actor published data belonging to approximately 13 million Spectrum customers after Charter Communications declined to pay a ransom. The breach occurred via a social engineering attack targeting a Charter employee's Microsoft Entra account, allowing attackers to export customer records from Salesforce. Exposed data includes customer names, emails, physical addresses, phone numbers, plan information, and some internal employee directory data. Charter disputes the claim that sensitive Customer Proprietary Network Information (CPNI) was stolen, but independent verification is ongoing. Customers are advised to change passwords, enable two-factor authentication, and be cautious of unsolicited contacts claiming to be from Charter or Spectrum.
AI Analysis
Technical Summary
In April 2026, ShinyHunters executed a voice phishing attack against a Charter Communications employee, compromising their Microsoft Entra credentials without breaching technical defenses. Using these credentials, attackers accessed and exported data from Charter's Salesforce instance, affecting at least 13 million Spectrum customers and nearly 10 million support tickets. The leaked data includes personal identifiers and service details primarily from Spectrum Enterprise customers. Charter denies that federally protected CPNI data was exfiltrated, a claim contested by ShinyHunters. This incident is part of a broader campaign by ShinyHunters targeting cloud identities and SaaS platforms through social engineering and data exfiltration.
Potential Impact
The breach exposed personal information of millions of Spectrum customers, including names, contact details, addresses, phone numbers, and service plans. Additionally, internal employee directory information was leaked. Although Charter denies exposure of sensitive CPNI data, the public release of this volume of customer data increases risks of phishing, identity theft, and fraud. The incident also highlights vulnerabilities in social engineering defenses and cloud identity security within Charter's environment.
Mitigation Recommendations
Charter Communications has confirmed the breach but has not indicated a specific patch since the attack exploited social engineering rather than a technical vulnerability. Customers should immediately change their account passwords and enable two-factor authentication to reduce risk. They should remain vigilant against unsolicited communications purporting to be from Charter or Spectrum. Checking exposure status via services like Have I Been Pwned is recommended. Credit freezes with major bureaus (Equifax, Experian, TransUnion) are advised to prevent fraudulent account openings. Organizations should review and strengthen social engineering defenses and cloud identity access controls. Patch status is not applicable; remediation focuses on credential security and user awareness.
Technical Details
- Source Type
- Subreddit: cybersecurity
- Reddit Score: 0
- Discussion Level: minimal
- Content Source: reddit_link_post
- Post Type: link
- Domain: null
- Newsworthiness Assessment: {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source: true
- Trusted Domain: false
Threat ID: 6a1f7d5ce29bf47b503e8e35
Added to database: 6/3/2026, 1:03:24 AM
Last enriched: 6/3/2026, 1:03:30 AM
Last updated: 6/3/2026, 4:20:11 AM