Crunchbase Confirms Data Breach After ShinyHunters Leak Millions Of Records

Market intelligence firm Crunchbase has confirmed that it suffered a cybersecurity incident after threat actors claimed to have stolen and leaked data from its internal systems, raising fresh concerns about the growing scale and sophistication of organized cybercrime campaigns targeting technology and financial sector firms.

According to information shared by the company, Crunchbase detected unauthorized activity involving the exfiltration of certain documents from its corporate network. The company said that no disruption to business operations was caused by the incident and that the breach had been contained, with systems secured following the discovery. The cybercrime group ShinyHunters has taken responsibility for the intrusion and claims to have stolen more than two million records containing personal information. After Crunchbase declined to pay a ransom demand, the group published more than 400 megabytes of compressed files for public download on its leak platform. In a statement provided to SecurityWeek, Crunchbase said it engaged external cybersecurity experts immediately after detecting the incident and also contacted federal law enforcement authorities. The company acknowledged that the attackers had posted some information online and said it was reviewing the affected data to determine whether notifications would be required under applicable legal and regulatory obligations.

Analysis of the leaked material by Alon Gal, chief technology officer of threat intelligence firm Hudson Rock, indicates that the exposed files contain personally identifiable information along with contracts and internal corporate documents. While the full scope of the compromised data is still being assessed, the presence of such material has intensified scrutiny of how attackers were able to access sensitive systems and extract large volumes of information. The incident adds Crunchbase to a growing list of high-profile organizations linked to ShinyHunters activity, a group that has previously claimed responsibility for breaches affecting multiple well-known platforms. Security researchers note that data stolen from corporate intelligence firms can be particularly valuable due to the aggregation of business, financial, and personal records in centralized databases.

The ShinyHunters leak site also lists SoundCloud and robo-advisor firm Betterment among its alleged victims, with claims that several gigabytes of files containing tens of millions of records were stolen from these companies. SoundCloud confirmed a data breach in mid-December, stating that email addresses and publicly available profile information belonging to roughly 20 percent of its users had been accessed by threat actors. The company said that passwords and financial details were not compromised. After the stolen files were published online, SoundCloud said it was reviewing the leaked data and later disclosed that attackers had been harassing users, employees, and partners. However, the company reported that it had not found evidence supporting claims that highly sensitive information had been taken. Betterment, meanwhile, disclosed a cybersecurity incident on January 12, explaining that threat actors gained access through social engineering techniques. The attackers reportedly used that access to send cryptocurrency-related scam messages to some customers, prompting the firm to take immediate remedial action.

Further insight into the broader campaign emerged after Hudson Rock’s Gal said ShinyHunters claimed responsibility for a recent Okta single sign-on vishing operation. The group reportedly linked the Crunchbase, SoundCloud, and Betterment incidents to this activity. Okta has since issued private warnings to customers about voice-based phishing attempts and published guidance describing customized phishing kits designed to support advanced vishing campaigns. These kits, according to Okta, have been used to target major technology providers and cryptocurrency services, though the company has not publicly confirmed a direct connection between these attacks and ShinyHunters. The developments highlight how data breaches, social engineering, and identity-based attacks are increasingly interconnected, posing complex challenges for organizations seeking to protect user and corporate information.
