ShinyHunters

* European Commission: In March 2026, ShinyHunters hacked and leaked over 350GB of data from the EU Commission.{{Cite web |last=Gatlan |first=Sergiu |title=European Commission confirms data breach after Europa.eu hack |url=https://www.bleepingcomputer.com/news/security/european-commission-confirms-data-breach-after-europaeu-hack/ |access-date=2026-04-04 |website=BleepingComputer |language=en-us}} PII, email communications, sensitive documents, technical data, data belonging to 42 internal clients and at least 29 EU entities, and more were affected according to CERT-EU which also attributed ShinyHunters to the breach and leak.{{Cite web |date=2026-04-02 |title=European Commission cloud breach: a supply-chain compromise |url=https://cert.europa.eu/blog/european-commission-cloud-breach-trivy-supply-chain |access-date=2026-04-04 |website=cert.europa.eu |language=en}}

* European Commission: In March 2026, ShinyHunters hacked and leaked over 350GB of data from the EU Commission.{{Cite web |last=Gatlan |first=Sergiu |title=European Commission confirms data breach after Europa.eu hack |url=https://www.bleepingcomputer.com/news/security/european-commission-confirms-data-breach-after-europaeu-hack/ |access-date=2026-04-04 |website=BleepingComputer |language=en-us}} PII, email communications, sensitive documents, technical data, data belonging to 42 internal clients and at least 29 EU entities, and more were affected according to CERT-EU which also attributed ShinyHunters to the breach and leak.{{Cite web |date=2026-04-02 |title=European Commission cloud breach: a supply-chain compromise |url=https://cert.europa.eu/blog/european-commission-cloud-breach-trivy-supply-chain |access-date=2026-04-04 |website=cert.europa.eu |language=en}}

* Rockstar Games: In April 2026, ShinyHunters breached cloud-linked systems of [[Rockstar Games]] via a third-party service (Anodot → [[Snowflake Inc.|Snowflake]]), claiming to have stolen nearly 80 million records. The group issued a ransom deadline of April 14 and, after it expired, leaked portions of the data online, including internal analytics and business metrics (such as GTA Online and Red Dead Online performance data). Rockstar confirmed the breach and stated that only limited, non-material internal data was affected, with no impact on operations, services, or player data.{{Cite web |last=published |first=Mike Moore |date=2026-04-14 |title=Rockstar hackers publish 78.6 million stolen records — but many of us will be disappointed |url=https://www.techradar.com/pro/security/rockstar-hackers-publish-78-6-million-stolen-records-but-many-of-us-will-be-disappointed |access-date=2026-04-16 |website=TechRadar |language=en}}{{Cite web |title=Rockstar Games Data Breach Exposes 78M Records |url=https://www.safestate.com/post/rockstar-games-data-breach-exposes-78m-records |access-date=2026-04-16 |website=www.safestate.com |language=en}}

* Rockstar Games: In April 2026, ShinyHunters breached cloud-linked systems of [[Rockstar Games]] via a third-party service (Anodot → [[Snowflake Inc.|Snowflake]]), claiming to have stolen nearly 80 million records. The group issued a ransom deadline of April 14 and, after it expired, leaked portions of the data online, including internal analytics and business metrics (such as GTA Online and Red Dead Online performance data). Rockstar confirmed the breach and stated that only limited, non-material internal data was affected, with no impact on operations, services, or player data.{{Cite web |last=published |first=Mike Moore |date=2026-04-14 |title=Rockstar hackers publish 78.6 million stolen records — but many of us will be disappointed |url=https://www.techradar.com/pro/security/rockstar-hackers-publish-78-6-million-stolen-records-but-many-of-us-will-be-disappointed |access-date=2026-04-16 |website=TechRadar |language=en}}{{Cite web |title=Rockstar Games Data Breach Exposes 78M Records |url=https://www.safestate.com/post/rockstar-games-data-breach-exposes-78m-records |access-date=2026-04-16 |website=www.safestate.com |language=en}}

* Vercel: On April 19, 2026, cloud development platform Vercel disclosed a security incident involving unauthorized access to certain internal systems. A threat actor claiming to be affiliated with ShinyHunters posted on a hacking forum, offering to sell access keys, source code, database data, internal deployments, API keys (including NPM and GitHub tokens), and employee account details for $2 million. The actor also referenced data from internal tools like Linear as proof. Vercel attributed the breach to a compromised third-party AI tool (context.ai) whose Google Workspace OAuth app was exploited, potentially impacting a broader set of organizations. The company stated that only a limited subset of customers was affected, emphasized that sensitive environment variables were stored in a way that prevented reading (with no evidence of access), and urged users to review and rotate credentials, access tokens, and environment variables immediately. Vercel engaged incident response specialists and notified law enforcement. Note that core ShinyHunters-linked actors have reportedly denied involvement to media outlets, suggesting this may involve an impersonator or affiliate using the group's name for notoriety.

* Vercel: On April 19, 2026, cloud development platform Vercel disclosed a security incident involving unauthorized access to certain internal systems. A threat actor claiming to be affiliated with ShinyHunters posted on a hacking forum, offering to sell access keys, source code, database data, internal deployments, API keys (including NPM and GitHub tokens), and employee account details for $2 million. The actor also referenced data from internal tools like Linear as proof. Vercel attributed the breach to a compromised third-party AI tool (Context.ai) whose Google Workspace OAuth app was exploited, potentially impacting a broader set of organizations. The company stated that only a limited subset of customers was affected, emphasized that sensitive environment variables were stored in a way that prevented reading (with no evidence of access), and urged users to review and rotate credentials, access tokens, and environment variables immediately.{{Cite web |title=Vercel April 2026 security incident {{!}} Vercel Knowledge Base |url=https://vercel.com/kb/bulletin/vercel-april-2026-security-incident |access-date=2026-04-20 |website=vercel.com |language=en-us}} Vercel engaged incident response specialists and notified law enforcement. Core ShinyHunters-linked actors have reportedly denied involvement to media outlets, which suggests this may involve an impersonator or affiliate using the group's name for notoriety.

== Snowflake data hacks ==

== Snowflake data hacks ==