Market intelligence firm Crunchbase has confirmed a data breach after hackers published files allegedly stolen from its systems.
The notorious ShinyHunters cybercrime group claims to have stolen more than 2 million records containing personal information from Crunchbase.
The hackers have made available more than 400 MB of compressed files for download on their website after the company refused to pay a ransom.
“Crunchbase detected a cybersecurity incident where a threat actor exfiltrated certain documents from our corporate network. No business operations have been disrupted by this incident. We have contained the incident and our systems are secure,” Crunchbase said in a statement to SecurityWeek.
“Upon detecting the incident we engaged cybersecurity experts to assist us and we contacted federal law enforcement. Crunchbase is aware that the threat actor posted certain information online. As part of our incident response procedures we are reviewing the impacted information to determine if any notifications are required consistent with applicable legal requirements,” it added.
Alon Gal, CTO of threat intelligence company Hudson Rock, has analyzed the leaked Crunchbase data and found personally identifiable information (PII), contracts, and other corporate data.
Other ShinyHunters hacking victims
The ShinyHunters leak website also lists SoundCloud and the robo-advisor firm Betterment, from which the hackers claim to have stolen several gigabytes of files containing tens of millions of records that include PII.
SoundCloud confirmed a data breach in mid-December, saying that email addresses and publicly available profile data belonging to roughly 20% of its users had been accessed by threat actors. Passwords and financial information were not compromised, the music streaming service said.
In a statement sent to SecurityWeek last week after the hackers published the stolen data, SoundCloud said it is reviewing the leaked files.
In an update shared on January 13, the company revealed that the hackers had been harassing users, employees, and partners, but it had found no evidence to confirm the attackers’ claims about sensitive data being stolen.
As for investment advisor Betterment, the company disclosed a cybersecurity incident on January 12, saying that threat actors had penetrated its systems through social engineering, using their access to send cryptocurrency-related scam messages to some customers.
Okta vishing
Hudson Rock’s Gal learned from ShinyHunters that the hackers claim to be behind a recent Okta SSO vishing campaign, and that Crunchbase, SoundCloud, and Betterment are among its victims.
Okta has issued a private warning to customers regarding vishing attacks. A public blog post describes custom phishing kits that enable advanced voice-based social engineering for vishing campaigns.
The identity solutions provider pointed out that such phishing kits have been used to target Google, Microsoft, Okta, and cryptocurrency services. However, it has not said whether these campaigns are linked to the recent ShinyHunters attacks.
Related: Nike Probing Potential Security Incident as Hackers Threaten to Leak Data
Related: Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses
