Sophisticated Vishing Campaign Compromises Match Group Okta Credentials, Enabling ShinyHunters to Access Internal Dashboards and Leak Millions of Advertising IDs In late January 2026, the threat actor group ShinyHunters (operating…
Read MoreWhat happened in the University of Pennsylvania Breach?
February 5, 2026
ShinyHunters Compromises PennKey SSO in Sophisticated Lateral Movement Attack, Exposing Millions of Personal Records and Confidential Donor Dossiers at the University of Pennsylvania
The University of Pennsylvania breach, detected on October 31, 2025, was a sophisticated intrusion attributed to ShinyHunters (Scattered Lapsus$ Hunters). The attackers gained access by compromising a PennKey SSO account, allowing them to move laterally through systems like Salesforce and SharePoint. Before the full data dump, the group gained notoriety by weaponizing Penn’s internal tools to send offensive mass emails to over 700,000 students and alumni, turning a standard theft into a public relations nightmare.
The exfiltrated data is highly granular, containing 3,062,299 full names, 2,814,987 street addresses, 1,858,436 dates of birth, 643,833 phone numbers, and 623,964 emails. Most critically, the leak exposed donation amounts and internal dossiers on “Ultra High Net Worth” donors, including high-profile alumni like the Trump family. These files contained sensitive internal commentary and “wealth band” assessments, providing a roadmap for future social engineering attacks against the university’s donor base.
Source: DataBreach.com
Reach out to us
We’re here to answer your questions about data breaches and settlements
ShinyHunters Compromises Harvard AAD Through Sophisticated Vishing Campaign, Leaking Donor Social Graphs, Wealth Classifications, and Internal Briefing Notes In late 2025 and early 2026, the cyber-extortion group ShinyHunters (often operating…
Read More