Crunchbase has confirmed a cybersecurity incident following claims by the cybercriminal group ShinyHunters, which claims to have stolen more than 2 million personal records from its systems.
ShinyHunters leaked a 402MB zip file on its Tor website, stating that the data release was due to a failed extortion attempt.
Crunchbase response to the incident
The company has issued statements confirming the security incident, although it emphasizes that its operations were not affected. Crunchbase claimed to have contained the incident and that its systems are secure.
As part of its response to the incident, Crunchbase has taken the following actions: *Hired external cybersecurity experts to investigate the incident.
- Notified federal authorities.
- You are reviewing the exposed data to determine if any legal notification to affected individuals is required.
Crunchbase told SecurityWeek: “Upon detecting the incident, we engaged cybersecurity experts to assist us and contacted federal law enforcement. Crunchbase is aware that the threat actor posted certain information online. As part of our incident response procedures, we are reviewing the impacted information to determine if notifications consistent with applicable legal requirements are required.”
About the ShinyHunters group
ShinyHunters is a financially motivated cybercriminal group that has been active since 2020. The group is known for stealing large volumes of personal and corporate data from major companies, then selling it or leaking it on underground forums if their ransom demands are not met.
The group uses compromised credentials, cloud services, and social engineering techniques to carry out its attacks. It has previously claimed responsibility for breaches that affected millions of records on high-profile platforms such as Tokopedia, SoundCloud and Betterment.
References
- Threat Group: ShinyHunters
- Company Affected: Crunchbase
- Previous ShinyHunters Incidents: SoundCloud, Betterment, Tokopedia