ShinyHunters Extortion Attack Exposes 200K Aman Records in Data Leak
This week, the luxury hospitality group Aman fell victim to a "pay or leak" extortion scheme orchestrated by the cybercriminal group ShinyHunters, resulting in the public release of over 200,000 email addresses and sensitive customer data. The leaked information included names, physical addresses, phone numbers, nationalities, and VIP statuses, exposing high-profile guests to potential identity theft and targeted attacks.
According to analysis, 74% of the compromised email addresses were already indexed on LinkedIn, increasing the risk of phishing and social engineering campaigns. The breach highlights the growing trend of double-extortion tactics, where threat actors not only encrypt data but also threaten to publish it unless a ransom is paid.
The incident underscores the persistent threat posed by financially motivated cybercriminals to high-value targets in the hospitality sector, where customer privacy is a critical concern. No details on whether Aman complied with the extortion demand have been disclosed.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7455824054055247872
Aman TPRM report: https://www.rankiteo.com/company/amanresorts
"id": "ama1777609437",
"linkid": "amanresorts",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '200,000',
'industry': 'Hospitality',
'name': 'Aman',
'type': 'Luxury hospitality group'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '200,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Email addresses',
'Names',
'Physical addresses',
'Phone numbers',
'Nationalities',
'VIP statuses']},
'description': 'This week, the luxury hospitality group Aman fell victim to a '
"'pay or leak' extortion scheme orchestrated by the "
'cybercriminal group ShinyHunters, resulting in the public '
'release of over 200,000 email addresses and sensitive '
'customer data. The leaked information included names, '
'physical addresses, phone numbers, nationalities, and VIP '
'statuses, exposing high-profile guests to potential identity '
'theft and targeted attacks. According to analysis, 74% of the '
'compromised email addresses were already indexed on LinkedIn, '
'increasing the risk of phishing and social engineering '
'campaigns. The breach highlights the growing trend of '
'double-extortion tactics, where threat actors not only '
'encrypt data but also threaten to publish it unless a ransom '
'is paid.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': '200,000 email addresses and sensitive '
'customer data',
'identity_theft_risk': 'High'},
'lessons_learned': 'The breach highlights the growing trend of '
'double-extortion tactics, where threat actors not only '
'encrypt data but also threaten to publish it unless a '
'ransom is paid. High-value targets in the hospitality '
'sector are at persistent risk from financially motivated '
'cybercriminals.',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Yes'},
'threat_actor': 'ShinyHunters',
'title': 'ShinyHunters Extortion Attack Exposes 200K Aman Records in Data '
'Leak',
'type': 'Extortion'}