ShinyHunters Claim Data Breach at Charter Communications, Allegedly Gaining Access via Vishing Attack
**Charter Communications**, a major U.S. telecommunications provider, is investigating a potential data breach after the **ShinyHunters** extortion group claimed to have stolen sensitive data. The attackers assert they gained access through a voice phishing (vishing) attack targeting an employee's **Microsoft Entra** account.

**Charter Communications**, a leading broadband provider operating under the Spectrum brand, has confirmed it is addressing a potential data breach. This confirmation follows claims by the **ShinyHunters** extortion group that they have stolen a significant amount of data and are threatening to leak it unless a ransom is paid.
Charter stated that it is alerting authorities and currently believes that no sensitive personal customer information was compromised.
"We are aware of the situation, following our security protocols and are in the process of alerting appropriate authorities," Charter told BleepingComputer.
"No sensitive personal information (PI) or customer proprietary network information (CPNI) data was exfiltrated by the threat actor as a result of recent activity."
## ShinyHunters Extortion Tactics
The alleged breach came to light when Charter was listed on the ShinyHunters data leak site, with the attackers claiming to possess 40 million records containing personal information of both consumer and business customers.

ShinyHunters told BleepingComputer that they breached Charter on April 1 through a voice phishing (vishing) attack that compromised an employee's **Microsoft Entra** account.
The threat actors claim to have used this access to export millions of consumer and business customer records from the company's **Salesforce** instance.
The allegedly stolen records reportedly contain customer names, email addresses, physical addresses, phone numbers, phone type, plan information, and some CPNI data, as well as customer support ticket data.
BleepingComputer's further inquiries to Charter regarding the claims of additional data theft, including CPNI, were met with a reiteration of the company's initial statement.
## ShinyHunters' Modus Operandi
Since last year, the extortion group has been actively engaged in widespread social engineering campaigns targeting the Microsoft Entra, **Okta**, and **Google** SSO accounts of employees and BPO agents.
Upon gaining access to a corporate SSO account, the threat actors exfiltrate data from connected SaaS applications such as Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, and others.
This stolen data is then used to extort the victimized company, with the threat of public release serving as leverage for ransom payments.
Salesforce has been a popular target of the extortion gang, with the threat actors breaching numerous integration companies to steal OAuth tokens that can then be used to access Salesforce instances.
More recently, ShinyHunters conducted multiple attacks against the education technology firm **Instructure**, resulting in Canvas outages and the theft of data from tens of millions of students.
Instructure ultimately reached an "agreement" with the extortion gang, meaning it likely paid a ransom to prevent the public release of the stolen data.