Shakedown Social

Dissent Doe :cupofcoffee:I tried to do a preliminary write-up on what I saw on Scattered Spider's new Telegram Channel. I would now like to go away for a few days in a spa-like retreat to recover. My post: <a href="https://databreaches.net/2025/08/09/scattered-spider-has-a-new-telegram-channel-to-list-its-attacks/" rel="nofollow noopener" translate="no" target="_blank">https://databreaches.net/2025/08/09/scattered-spider-has-a-new-telegram-channel-to-list-its-attacks/</a><a href="https://infosec.exchange/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener" target="_blank">#ScatteredSpider</a> <a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> <a href="https://infosec.exchange/tags/Lapsus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Lapsus</a>$ <a href="https://infosec.exchange/tags/Salesforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#Salesforce</a> <a href="https://infosec.exchange/tags/Snowflake" class="mention hashtag" rel="nofollow noopener" target="_blank">#Snowflake</a> <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://infosec.exchange/tags/Mandiant" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mandiant</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

Dissent Doe :cupofcoffee:"Breaking News:" The Scattered Spider kids seem to have opened their own channel on Telegram. Rude, crude, and leaking data already. Some of the redacted screenshots they have posted suggest that they may have had victims that we did not know about already.<a href="https://infosec.exchange/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener" target="_blank">#ScatteredSpider</a> <a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> <a href="https://infosec.exchange/tags/SalesForce" class="mention hashtag" rel="nofollow noopener" target="_blank">#SalesForce</a> <a href="https://infosec.exchange/tags/AirFrance" class="mention hashtag" rel="nofollow noopener" target="_blank">#AirFrance</a> <a href="https://infosec.exchange/tags/Qantas" class="mention hashtag" rel="nofollow noopener" target="_blank">#Qantas</a> <a href="https://infosec.exchange/tags/Gucci" class="mention hashtag" rel="nofollow noopener" target="_blank">#Gucci</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/extortion" class="mention hashtag" rel="nofollow noopener" target="_blank">#extortion</a>

Dissent Doe :cupofcoffee:(exclusive):ShinyHunters sent Google an extortion demand; Shiny comments on current activitiesIn a long chat yesterday, Shiny touched on Google, France, Australia and the Qantas injunction, and the NSA's alleged attempts at voice analysis:<a href="https://databreaches.net/2025/08/08/shinyhunters-sent-google-an-extortion-demand-shiny-comments-on-current-activities/" rel="nofollow noopener" translate="no" target="_blank">https://databreaches.net/2025/08/08/shinyhunters-sent-google-an-extortion-demand-shiny-comments-on-current-activities/</a><a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> <a href="https://infosec.exchange/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener" target="_blank">#ScatteredSpider</a> <a href="https://infosec.exchange/tags/Salesforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#Salesforce</a> <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://infosec.exchange/tags/LVMH" class="mention hashtag" rel="nofollow noopener" target="_blank">#LVMH</a> <a href="https://infosec.exchange/tags/Qantas" class="mention hashtag" rel="nofollow noopener" target="_blank">#Qantas</a><a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener" target="_blank">@campuscodi</a> <a href="https://infosec.exchange/@lawrenceabrams" class="u-url mention" rel="nofollow noopener" target="_blank">@lawrenceabrams</a> <a href="https://mastodon.social/@zackwhittaker" class="u-url mention" rel="nofollow noopener" target="_blank">@zackwhittaker</a> <a href="https://infosec.exchange/@euroinfosec" class="u-url mention" rel="nofollow noopener" target="_blank">@euroinfosec</a> <a href="https://mastodon.social/@kevincollier" class="u-url mention" rel="nofollow noopener" target="_blank">@kevincollier</a>

Europe Says<a href="https://www.europesays.com/2312416/" rel="nofollow noopener" translate="no" target="_blank">https://www.europesays.com/2312416/</a> Airline Data Breach Warning — Air France And KLM Confirm Cyber Attack <a href="https://pubeurope.com/tags/AirFrance" class="mention hashtag" rel="nofollow noopener" target="_blank">#AirFrance</a> <a href="https://pubeurope.com/tags/Airline" class="mention hashtag" rel="nofollow noopener" target="_blank">#Airline</a> <a href="https://pubeurope.com/tags/Airlines" class="mention hashtag" rel="nofollow noopener" target="_blank">#Airlines</a> <a href="https://pubeurope.com/tags/cyberattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberattack</a> <a href="https://pubeurope.com/tags/Data" class="mention hashtag" rel="nofollow noopener" target="_blank">#Data</a> <a href="https://pubeurope.com/tags/DataBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#DataBreach</a> <a href="https://pubeurope.com/tags/KLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#KLM</a> <a href="https://pubeurope.com/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a> <a href="https://pubeurope.com/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> <a href="https://pubeurope.com/tags/Transport" class="mention hashtag" rel="nofollow noopener" target="_blank">#Transport</a> <a href="https://pubeurope.com/tags/travel" class="mention hashtag" rel="nofollow noopener" target="_blank">#travel</a>

Richi Jennings<a href="https://vmst.io/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> group hacked big-G and stole a load of customer data from a <a href="https://vmst.io/tags/Salesforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#Salesforce</a> cloud instance.This week, <a href="https://vmst.io/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> finally admitted it got socially engineered—leading to a breach of <a href="https://vmst.io/tags/CRM" class="mention hashtag" rel="nofollow noopener" target="_blank">#CRM</a> data. Yes, you read that right: Google got vished.Do the scrotes have your info? We don’t know and Google’s not saying.What’s worse is this happened a couple of MONTHS ago. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener" target="_blank">#SBBlogwatch</a>, we wonder why it took Google so long to tell us: <a href="https://securityboulevard.com/2025/08/google-breach-salesforce-shinyhunters/" rel="nofollow noopener" translate="no" target="_blank">https://securityboulevard.com/2025/08/google-breach-salesforce-shinyhunters/</a>

John LeonardGoogle and Cisco, have disclosed separate data breaches stemming from voice phishing (vishing) attacks that compromised customer information stored in cloud-based CRM systems.<a href="https://www.computing.co.uk/news/2025/security/google-and-cisco-confirm-data-breaches-linked-to-vishing" rel="nofollow noopener" translate="no" target="_blank">https://www.computing.co.uk/news/2025/security/google-and-cisco-confirm-data-breaches-linked-to-vishing</a><a href="https://mastodon.social/tags/salesforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#salesforce</a> <a href="https://mastodon.social/tags/cisco" class="mention hashtag" rel="nofollow noopener" target="_blank">#cisco</a> <a href="https://mastodon.social/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#google</a> <a href="https://mastodon.social/tags/shinyhunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#shinyhunters</a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/technews" class="mention hashtag" rel="nofollow noopener" target="_blank">#technews</a> <a href="https://mastodon.social/tags/UNC6040" class="mention hashtag" rel="nofollow noopener" target="_blank">#UNC6040</a>

Dissent Doe :cupofcoffee:Are Scattered Spider and ShinyHunters one group or two? And who did France arrest?It's been a wild weekend here trying to sort out the relationship between <a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> and <a href="https://infosec.exchange/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener" target="_blank">#ScatteredSpider</a>. And then, to really blow my mind, I heard from the leader of ShinyHunters (or someone claiming to be him) and no, he's not in prison in France. If I was trolled, it's absolutely an amazingly good troll. But see what you think.<a href="https://databreaches.net/2025/08/03/are-scattered-spider-and-shinyhunters-one-group-or-two-and-who-did-france-arrest/" rel="nofollow noopener" translate="no" target="_blank">https://databreaches.net/2025/08/03/are-scattered-spider-and-shinyhunters-one-group-or-two-and-who-did-france-arrest/</a><a href="https://infosec.exchange/tags/attribution" class="mention hashtag" rel="nofollow noopener" target="_blank">#attribution</a> <a href="https://infosec.exchange/tags/arrest" class="mention hashtag" rel="nofollow noopener" target="_blank">#arrest</a> <a href="https://infosec.exchange/@lawrenceabrams" class="u-url mention" rel="nofollow noopener" target="_blank">@lawrenceabrams</a> <a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener" target="_blank">@campuscodi</a> <a href="https://mastodon.social/@zackwhittaker" class="u-url mention" rel="nofollow noopener" target="_blank">@zackwhittaker</a>

Paul ShreadWe now know who the prolific hacker “IntelBroker” allegedly is. These court filings always seem like a tutorial on how to be a better cybercriminal: Only accept payment in the most private cryptocurrencies and don’t intermingle personal and online accounts and IP addresses. <a href="https://masto.ai/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybercrime</a> <a href="https://masto.ai/tags/Arrests" class="mention hashtag" rel="nofollow noopener" target="_blank">#Arrests</a> <a href="https://masto.ai/tags/BreachForums" class="mention hashtag" rel="nofollow noopener" target="_blank">#BreachForums</a> <a href="https://masto.ai/tags/Hackers" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hackers</a> <a href="https://masto.ai/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> <a href="https://masto.ai/tags/DarkWeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#DarkWeb</a> <a href="https://thecyberexpress.com/british-national-alleged-to-be-intelbroker/" rel="nofollow noopener" translate="no" target="_blank">https://thecyberexpress.com/british-national-alleged-to-be-intelbroker/</a>

Dissent Doe :cupofcoffee:As expected, more details are emerging in other news outlets about the arrest of <a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a>. One detail I noted is that ShinyHunters is suspected of being responsible for the attacks on <a href="https://infosec.exchange/tags/LVMH" class="mention hashtag" rel="nofollow noopener" target="_blank">#LVMH</a>, which is the high-end brand associated with Tiffany and Dior, who both reported breaches this year. Although there had been some speculation that <a href="https://infosec.exchange/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener" target="_blank">#ScatteredSpider</a> might be responsible for those breaches, it appears that ShinyHunters was allegedly responsible.There have been a number of hacks this year where it is not clear -- in the absence of law enforcement confirmation -- whether a <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> has been by Scattered Spider or ShinyHunters, or whether they have collaborated with one doing the hacking and the other doing the extortion. I predict in weeks/months to come, we will be given a pretty big list of big hacks that ShinyHunters has been involved in this year. As I reported in my coverage of the PowerSchool hack and prosecution of Matthew Lane, ShinyHunters' name has been linked to that one, too, but was not named as a co-conspirator. This is where I should write "This is a developing story..." huh? <a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener" target="_blank">@campuscodi</a>

Dissent Doe :cupofcoffee:BIG news:ShinyHunters and team members arrested in France:<a href="https://www.leparisien.fr/high-tech/la-police-interpelle-cinq-hackers-francais-de-haut-vol-derriere-un-celebre-forum-de-vol-de-donnees-25-06-2025-QJTPFTDPQZAP7B25MF24YLHU6E.php" rel="nofollow noopener" translate="no" target="_blank">https://www.leparisien.fr/high-tech/la-police-interpelle-cinq-hackers-francais-de-haut-vol-derriere-un-celebre-forum-de-vol-de-donnees-25-06-2025-QJTPFTDPQZAP7B25MF24YLHU6E.php</a><a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://infosec.exchange/tags/shinyhunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#shinyhunters</a> <a href="https://infosec.exchange/tags/hollow" class="mention hashtag" rel="nofollow noopener" target="_blank">#hollow</a> <a href="https://infosec.exchange/tags/noct" class="mention hashtag" rel="nofollow noopener" target="_blank">#noct</a> <a href="https://infosec.exchange/tags/depressed" class="mention hashtag" rel="nofollow noopener" target="_blank">#depressed</a> <a href="https://infosec.exchange/tags/intelbroker" class="mention hashtag" rel="nofollow noopener" target="_blank">#intelbroker</a>

IT NewsHow ShinyHunters hackers allegedly pilfered Ticketmaster data from Snowflake - Enlarge (credit: Ric Tapia via Getty) Hackers who stole teraby... - <a href="https://arstechnica.com/?p=2032105" rel="nofollow noopener" translate="no" target="_blank">https://arstechnica.com/?p=2032105</a> <a href="https://schleuss.online/tags/shinyhunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#shinyhunters</a> <a href="https://schleuss.online/tags/ticketmaster" class="mention hashtag" rel="nofollow noopener" target="_blank">#ticketmaster</a> <a href="https://schleuss.online/tags/syndication" class="mention hashtag" rel="nofollow noopener" target="_blank">#syndication</a> <a href="https://schleuss.online/tags/snowflake" class="mention hashtag" rel="nofollow noopener" target="_blank">#snowflake</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>

Brett Callow<a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> post re: the sale of <a href="https://infosec.exchange/tags/Santander" class="mention hashtag" rel="nofollow noopener" target="_blank">#Santander</a> data has been removed. The data claimed to be stolen from <a href="https://infosec.exchange/tags/Ticketmaster" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ticketmaster</a> is still for sale. <a href="https://infosec.exchange/tags/snowflake" class="mention hashtag" rel="nofollow noopener" target="_blank">#snowflake</a>

Dissent Doe :cupofcoffee:I haven't posted this on my site yet, but there have been a few developments likely related to the seizure of <a href="https://infosec.exchange/tags/BreachForums" class="mention hashtag" rel="nofollow noopener" target="_blank">#BreachForums</a>. As a preview, recall that Kantonspolizei Zürich were one of the cooperating entities in the takedown and that the seizure notice had two avatars behind bars: one was Baphomet, the other was a default avatar that has been used by a number of people, but is not the avatar of the forum owner ShinyHunters.Law enforcement has yet to issue any press release or answer any questions about the takedown. Developments:<a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> was notified by <a href="https://infosec.exchange/tags/CloudFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudFlare</a> that they had received a court order ordering CF to cancel BF's account. CF complied with the court order. (Source: ShinyHunters shared text copy of CF communication with DataBreaches)CF did not tell ShinyHunters what court had ordered that, so Shiny asked them to provide a copy of the order if there was no gag order with it, or to at least say what court ordered it so it could be appealed. They have not gotten a response from CF as yet to that request.On May 15, the same day as the takedown, Switzerland Services sent customers a notice stating, in part, that "all our network equipment and servers in Switzerland were confiscated yesterday by Swiss police due to a local prosecutor order and therefore all services in Switzerland are currently unavailable and all data can de considered as lost and compromised."ShinyHunters had previously told DataBreaches that BF has used servers and services in Switzerland. ShinyHunters has also claimed to be in Switzerland. DataBreaches does not know if that is true or not. I'll have this up on databreaches.net soon with the full message from Switzerland Services. <a href="https://infosec.exchange/tags/seizure" class="mention hashtag" rel="nofollow noopener" target="_blank">#seizure</a> <a href="https://infosec.exchange/tags/FBI" class="mention hashtag" rel="nofollow noopener" target="_blank">#FBI</a> <a href="https://infosec.exchange/tags/NCA" class="mention hashtag" rel="nofollow noopener" target="_blank">#NCA</a> <a href="https://infosec.exchange/tags/enforcement" class="mention hashtag" rel="nofollow noopener" target="_blank">#enforcement</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://infosec.exchange/@brett" class="u-url mention" rel="nofollow noopener" target="_blank">@brett</a> <a href="https://infosec.exchange/@DarkWebInformer" class="u-url mention" rel="nofollow noopener" target="_blank">@DarkWebInformer</a> <a href="https://mastodon.social/@arstechnica" class="u-url mention" rel="nofollow noopener" target="_blank">@arstechnica</a> <a href="https://mastodon.social/@campuscodi" class="u-url mention" rel="nofollow noopener" target="_blank">@campuscodi</a> <a href="https://mastodon.social/@zackwhittaker" class="u-url mention" rel="nofollow noopener" target="_blank">@zackwhittaker</a>

Graham CluleyShinyHunters suspect extradited to United States from Morocco, could face 116 years in jail if convicted.Read more in my article on the Tripwire blog:<a href="https://www.tripwire.com/state-of-security/shinyhunters-suspect-extradited-united-states" rel="nofollow noopener" target="_blank">https://www.tripwire.com/state-of-security/shinyhunters-suspect-extradited-united-states</a><a href="https://mastodon.green/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.green/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://mastodon.green/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> <a href="https://mastodon.green/tags/extradition" class="mention hashtag" rel="nofollow noopener" target="_blank">#extradition</a> <a href="https://mastodon.green/tags/shinyhunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#shinyhunters</a>

Recent searches

Search options

Administered by:

Server stats:

#shinyhunters