US broadband giant Charter Communications has confirmed a data breach after the ShinyHunters extortion group listed it on its Tor leak site claiming 40 million stolen consumer and business records. ShinyHunters told BleepingComputer the intrusion began April 1 via a vishing attack that compromised an employee's Microsoft Entra account, used to export records from the company's Salesforce instance. Stolen data reportedly includes names, email addresses, addresses, phone numbers, plan information, and some CPNI (Customer Proprietary Network Information). Charter publicly denies CPNI was taken. ShinyHunters' SaaS-extortion playbook continues: Salesforce + Entra/Okta SSO + BPO vishing is the same model used against Instructure and others.