HVAC distributor Baker breach exposes 102,000 accounts to ShinyHunters

Baker Distributing, one of the largest US wholesalers of heating, cooling, and refrigeration equipment, has been hit by the extortion group ShinyHunters, which stole company data and posted it after the company did not pay. Breach-tracking service Have I Been Pwned has now confirmed 102,935 affected accounts; the gang originally claimed more than 260,000 stolen records pulled from Salesforce and internal SharePoint sites, including HR documents. ShinyHunters has been on a tear this year, breaking into corporate SaaS accounts by tricking IT help desks into resetting credentials. Exposed personal and business data fuels follow-on phishing aimed at Baker's customers and staff.

Check
If you work with or for Baker Distributing, check whether your email appears in Have I Been Pwned and watch inboxes for HVAC- or invoice-themed phishing referencing the breach.
Affected
Baker Distributing employees, contractors, and business customers whose personal and corporate data sat in the breached Salesforce and SharePoint systems; 102,935 accounts confirmed.
Fix
Reset passwords reused with Baker accounts and enable phishing-resistant MFA. For your own org, lock down help-desk identity resets with callback verification to blunt ShinyHunters-style social engineering.