Abrigo Hit by ShinyHunters Breach, Exposing 700K+ Email Addresses
In a recent cyberattack, financial software provider Abrigo was targeted by the hacking group ShinyHunters last month. The threat actors subsequently leaked over 700,000 unique email addresses, allegedly stolen from Abrigo’s Salesforce instance. The exposed data also included business contact information, raising concerns about potential phishing and social engineering risks.
Analysis revealed that 57% of the compromised email addresses were already linked to LinkedIn profiles, increasing the likelihood of targeted follow-up attacks. The breach highlights vulnerabilities in third-party cloud services and the ongoing threat posed by cybercriminal groups specializing in data exfiltration.
No further details on the attack vector or Abrigo’s response have been disclosed. The incident underscores the persistent risks of unauthorized access to enterprise SaaS platforms.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7460534991366746112
Abrigo cybersecurity rating report: https://www.rankiteo.com/company/weareabrigo
Salesforce cybersecurity rating report: https://www.rankiteo.com/company/salesforce
"id": "WEASAL1778732635",
"linkid": "weareabrigo, salesforce",
"type": "Vulnerability",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services',
'name': 'Abrigo',
'type': 'Financial software provider'}],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '700,000+',
'personally_identifiable_information': 'Email addresses, '
'business contact '
'information',
'sensitivity_of_data': 'High (linked to LinkedIn profiles)',
'type_of_data_compromised': ['Email addresses',
'Business contact information']},
'description': 'In a recent cyberattack, financial software provider Abrigo '
'was targeted by the hacking group ShinyHunters last month. '
'The threat actors subsequently leaked over 700,000 unique '
'email addresses, allegedly stolen from Abrigo’s Salesforce '
'instance. The exposed data also included business contact '
'information, raising concerns about potential phishing and '
'social engineering risks. Analysis revealed that 57% of the '
'compromised email addresses were already linked to LinkedIn '
'profiles, increasing the likelihood of targeted follow-up '
'attacks. The breach highlights vulnerabilities in third-party '
'cloud services and the ongoing threat posed by cybercriminal '
'groups specializing in data exfiltration.',
'impact': {'brand_reputation_impact': 'Potential phishing and social '
'engineering risks',
'data_compromised': '700,000+ unique email addresses, business '
'contact information',
'systems_affected': 'Salesforce instance'},
'lessons_learned': 'Highlights vulnerabilities in third-party cloud services '
'and the ongoing threat posed by cybercriminal groups '
'specializing in data exfiltration.',
'motivation': 'Data exfiltration',
'threat_actor': 'ShinyHunters',
'title': 'Abrigo Hit by ShinyHunters Breach, Exposing 700K+ Email Addresses',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized access to Salesforce instance'}