Crunchbase: Crunchbase Confirms Data Breach After Hacking Claims

Crunchbase Confirms Data Breach as ShinyHunters Leaks 2M Records

Market intelligence firm Crunchbase has confirmed a data breach after the ShinyHunters cybercrime group published files allegedly stolen from its systems. The hackers claim to have exfiltrated over 2 million records, including personally identifiable information (PII), contracts, and corporate data, totaling 400 MB of compressed files posted online after Crunchbase refused to pay a ransom.

In a statement to SecurityWeek, Crunchbase acknowledged the incident, confirming that a threat actor accessed certain documents from its corporate network. The company stated that no business operations were disrupted, the breach has been contained, and systems are now secure. Crunchbase has engaged cybersecurity experts and notified federal law enforcement while reviewing the leaked data to determine if legal notifications are required.

Alon Gal, CTO of threat intelligence firm Hudson Rock, analyzed the leaked data and verified the presence of sensitive information. The breach follows a pattern of recent ShinyHunters attacks, with the group also claiming breaches at SoundCloud and Betterment.

• SoundCloud confirmed a mid-December breach affecting 20% of its users, exposing email addresses and public profile data but not passwords or financial information. While the company is reviewing the leaked files, it has found no evidence supporting the hackers’ claims of additional sensitive data theft. However, the attackers have since harassed users, employees, and partners.
• Betterment, a robo-advisor firm, disclosed a January 12 cybersecurity incident where threat actors gained access via social engineering and used it to send cryptocurrency scam messages to customers.

Separately, Hudson Rock’s Gal reported that ShinyHunters claims responsibility for a recent Okta SSO vishing campaign, linking the group to attacks on Crunchbase, SoundCloud, and Betterment. Okta has issued warnings about custom phishing kits enabling advanced voice-based social engineering, though it has not confirmed a direct connection to ShinyHunters’ recent activities. The kits have been used against Google, Microsoft, Okta, and cryptocurrency services.

The incidents highlight the group’s expanding targeting of high-profile companies, with ongoing investigations into the full scope of the breaches.

Source: https://www.securityweek.com/crunchbase-confirms-data-breach-after-hacking-claims/

Crunchbase cybersecurity rating report: https://www.rankiteo.com/company/crunchbase

"id": "CRU1769440011",
"linkid": "crunchbase",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Technology, Data Analytics',
                        'name': 'Crunchbase',
                        'type': 'Market intelligence firm'},
                       {'customers_affected': '20% of users (email addresses '
                                              'and public profile data '
                                              'exposed)',
                        'industry': 'Technology, Entertainment',
                        'name': 'SoundCloud',
                        'type': 'Music streaming platform'},
                       {'industry': 'Finance, Fintech',
                        'name': 'Betterment',
                        'type': 'Robo-advisor firm'}],
 'attack_vector': 'Unknown',
 'data_breach': {'data_exfiltration': 'Yes (400 MB of compressed files posted '
                                      'online)',
                 'number_of_records_exposed': 'Over 2 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally identifiable '
                                              'information (PII)',
                                              'Contracts',
                                              'Corporate data']},
 'description': 'Market intelligence firm Crunchbase confirmed a data breach '
                'after the ShinyHunters cybercrime group published files '
                'allegedly stolen from its systems. The hackers claim to have '
                'exfiltrated over 2 million records, including personally '
                'identifiable information (PII), contracts, and corporate '
                'data, totaling 400 MB of compressed files posted online after '
                'Crunchbase refused to pay a ransom.',
 'impact': {'data_compromised': 'Over 2 million records (PII, contracts, '
                                'corporate data)',
            'downtime': 'None (no business operations disrupted)',
            'identity_theft_risk': 'High (PII exposed)',
            'legal_liabilities': 'Under review for legal notifications',
            'operational_impact': 'Contained, systems secured',
            'systems_affected': 'Corporate network'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain, Data exfiltration',
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': 'Yes (refused by Crunchbase)',
                'ransom_paid': 'No'},
 'references': [{'source': 'SecurityWeek'},
                {'source': 'Hudson Rock (Alon Gal)'}],
 'regulatory_compliance': {'regulatory_notifications': 'Under review'},
 'response': {'communication_strategy': 'Statement to SecurityWeek, ongoing '
                                        'review',
              'containment_measures': 'Breach contained, systems secured',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Federal law enforcement notified',
              'third_party_assistance': 'Cybersecurity experts engaged'},
 'threat_actor': 'ShinyHunters',
 'title': 'Crunchbase Data Breach by ShinyHunters',
 'type': 'Data Breach'}