**ShinyHunters Claims Breach of Cybersecurity Firm Resecurity, Leaks Internal Data**
The hacking group ShinyHunters has publicly claimed responsibility for breaching Resecurity, a U.S.-based cybersecurity company headquartered in Los Angeles. In a Telegram post shared earlier today, the group asserted full access to Resecurity’s internal systems and released screenshots as evidence.
The leaked images depict internal dashboards, user management panels, token databases, and employee communication channels, exposing sensitive data including:
- API keys and access tokens
- Internal Mattermost chat logs, including discussions on threat intelligence and client reports
- Employee details (names, email addresses, authentication tokens)
- Client lists and related information
- Threat intelligence documents and moderation logs
Analysis of the screenshots by Hackread.com revealed real-time access tokens, Firebase Cloud Messaging (FCM) user accounts, and active employee profiles with exposed credentials. Some names visible in the images were cross-referenced with LinkedIn, appearing to match Resecurity personnel.
ShinyHunters framed the attack as retaliation, accusing Resecurity of deceptive tactics—specifically, posing as buyers on dark web markets to infiltrate threat actor groups. The group referenced a prior incident involving a Vietnamese financial database, where Resecurity allegedly requested free samples under false pretenses. The post also mentioned collaboration with the Devman ransomware group and cited past breaches, including claims against CrowdStrike, as part of a broader campaign against firms they label as hypocritical.
As of now, Resecurity has not publicly confirmed the breach, and the authenticity of the claims remains unverified by third parties. If validated, this would mark ShinyHunters’ first major public breach of 2026, potentially impacting Resecurity’s clients, partners, and trust in its services—particularly if sensitive intelligence or operational data was compromised.
Resecurity, known for its work in cybercrime investigation, threat attribution, and digital forensics, has previously collaborated with government and private sector entities. Further developments are expected as the situation unfolds.
Source: https://hackread.com/shinyhunters-breach-us-cybersecurity-resecurity-firm/
Resecurity cybersecurity rating report: https://www.rankiteo.com/company/resecurity
"id": "RES1767463312",
"linkid": "resecurity",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Clients and partners of '
'Resecurity (scope unknown)',
'industry': 'Cybersecurity',
'location': 'Los Angeles, USA',
'name': 'Resecurity',
'type': 'Cybersecurity Company'}],
'attack_vector': 'Unknown (likely phishing, credential theft, or exploitation '
'of vulnerabilities)',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Employee names, email '
'addresses, '
'authentication tokens',
'sensitivity_of_data': 'High (PII, authentication tokens, '
'internal communications)',
'type_of_data_compromised': ['Internal chats',
'Client lists',
'Threat intelligence reports',
'Employee information',
'API keys',
'Access tokens']},
'description': 'The hacking group ShinyHunters claimed responsibility for '
'breaching Resecurity, a US-based cybersecurity company. The '
'group announced full access to internal systems and released '
'screenshots depicting internal dashboards, user management '
'panels, token databases, and employee communication channels. '
'Exfiltrated data includes internal chats, client lists, '
'threat intelligence reports, and employee information.',
'impact': {'brand_reputation_impact': 'High (potential loss of trust from '
'clients and partners)',
'data_compromised': 'Internal chats, client lists, threat '
'intelligence reports, employee information '
'(names, email addresses, authentication '
'tokens), API keys, access tokens',
'identity_theft_risk': 'High (employee and client PII exposed)',
'operational_impact': 'Potential compromise of cybersecurity '
'operations, threat intelligence, and client '
'trust',
'systems_affected': 'Internal dashboards, user management panels, '
'token databases, employee communication '
'channels (Mattermost)'},
'investigation_status': 'Unverified',
'motivation': 'Retaliation for alleged deceptive tactics by Resecurity, '
'including posing as buyers on dark web markets',
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'Hackread.com'},
{'source': 'ShinyHunters Telegram post'}],
'threat_actor': 'ShinyHunters',
'title': 'ShinyHunters Breach of Resecurity',
'type': 'Data Breach'}