ShinyHunters Charter Communications breach hit 4.9 million unique accounts (42M records claimed) - HIBP confirms scale
HIBP has confirmed 4.9 million unique accounts (4,851,517 email addresses) were affected by the Charter Communications breach disclosed earlier this week. The ShinyHunters extortion gang initially claimed 42 million records exfiltrated from Charter's Salesforce instance via voice-phishing of a Microsoft Entra account on April 1; the unique-account count is lower because individuals appeared on multiple records (customer + business + plan-info). Charter publicly denies that CPNI (Customer Proprietary Network Information) or sensitive personal data was taken. The HIBP entry refines the scope to a defender-actionable figure and lets customers and IR teams check exposure across their workforce.
- Check: Run your @company.com domains against HIBP for Charter exposure. If you are a Charter customer or vendor, expect targeted vishing themed around Spectrum service issues for the next 60 days.
- Affected: 4.9 million unique Charter/Spectrum customer email addresses now in HIBP. SaaS-extortion playbook (Salesforce + Entra/Okta SSO + BPO vishing) remains the broader risk pattern.
- Fix: Affected individuals: rotate Spectrum credentials, enable MFA, scrutinize unsolicited Charter calls. Organizations with Salesforce + Entra: enforce phishing-resistant MFA on all admin and BPO identities.
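
One way to run the Check step for a workforce domain, as an added example that is not part of the original brief: it filters an HIBP domain search response for this breach and lists admin and BPO identities first. The breach name is a placeholder (the page does not give HIBP's identifier for it), the sample response, roster and role labels are constructed, and the live call assumes an HIBP API key and a domain already verified in HIBP.

```python
import json
import urllib.request

# Placeholder: the page does not give the name HIBP uses for this breach.
# Look it up in HIBP and substitute it here.
BREACH_NAME = "CHARTER_BREACH_NAME_PLACEHOLDER"
API = "https://haveibeenpwned.com/api/v3/breacheddomain/"

def fetch_breached_domain(domain, api_key):
    """Query HIBP domain search; returns {"alias": ["BreachName", ...], ...}."""
    req = urllib.request.Request(
        API + domain,
        headers={"hibp-api-key": api_key, "user-agent": "charter-exposure-check"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def exposed_accounts(domain, result, breach=BREACH_NAME):
    """Return full addresses whose alias is listed in the named breach."""
    wanted = breach.casefold()
    return sorted(
        f"{alias}@{domain}".lower()
        for alias, breaches in result.items()
        if any(b.casefold() == wanted for b in breaches)
    )

def triage(exposed, priority_roles, roster):
    """Split exposed addresses into priority identities and everyone else."""
    high = [e for e in exposed if roster.get(e) in priority_roles]
    rest = [e for e in exposed if e not in high]
    return high, rest

# Constructed sample response and roster (not real data).
SAMPLE = {
    "alice": [BREACH_NAME, "ExampleOtherBreach"],
    "bob": ["ExampleOtherBreach"],
    "sf-admin": [BREACH_NAME],
    "bpo.agent7": [BREACH_NAME],
}
ROSTER = {
    "alice@company.com": "staff",
    "sf-admin@company.com": "salesforce_admin",
    "bpo.agent7@company.com": "bpo",
}

if __name__ == "__main__":
    hits = exposed_accounts("company.com", SAMPLE)
    high, rest = triage(hits, {"salesforce_admin", "bpo"}, ROSTER)
    print("priority:", high)
    print("other:", rest)
```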