Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: charter (2 articles)Clear

ShinyHunters publishes Charter Communications data after failed extortion - up to 5 million customer records now leaked, not just claimed

The ShinyHunters extortion group has now published the Charter Communications data it stole, after the telecom giant apparently refused to pay. Earlier reporting put the breach at 4.9 million HIBP-confirmed unique accounts; ShinyHunters' leak is described as potentially impacting up to 5 million customers. Charter is one of the largest US telecoms, providing internet, cable, mobile, and phone services to residential and business customers under the Spectrum brand. The data was originally exfiltrated via voice-phishing of a Microsoft Entra account on April 1 and a Salesforce export. With the data now public rather than merely claimed, the phishing and identity-theft risk to affected customers rises sharply.

Check
If you are a Charter/Spectrum customer or vendor, treat the leaked dataset as public now. Watch for Spectrum-themed phishing and account-recovery fraud over the next 60-90 days.
Affected
Up to 5 million Charter/Spectrum customers whose records are now publicly leaked, not just claimed. Names, contact details, and plan information enable targeted phishing and impersonation.
Fix
Affected individuals: rotate Spectrum credentials, enable MFA, scrutinize unsolicited Charter contacts. Organizations: refresh breach-monitoring watchlists and brief help desks against Charter-themed social engineering.

ShinyHunters Charter Communications breach hit 4.9 million unique accounts (42M records claimed) - HIBP confirms scale

HIBP has confirmed 4.9 million unique accounts (4,851,517 email addresses) were affected by the Charter Communications breach disclosed earlier this week. The ShinyHunters extortion gang initially claimed 42 million records exfiltrated from Charter's Salesforce instance via voice-phishing of a Microsoft Entra account on April 1; the unique-account count is lower because individuals appeared on multiple records (customer + business + plan-info). Charter publicly denies that CPNI (Customer Proprietary Network Information) or sensitive personal data was taken. The HIBP entry refines the scope to a defender-actionable figure and lets customers and IR teams check exposure across their workforce.

Check
Run your @company.com domains against HIBP for Charter exposure. If you are a Charter customer or vendor, expect targeted vishing themed around Spectrum service issues for the next 60 days.
Affected
4.9 million unique Charter/Spectrum customer email addresses now in HIBP. SaaS-extortion playbook (Salesforce + Entra/Okta SSO + BPO vishing) remains the broader risk pattern.
Fix
Affected individuals: rotate Spectrum credentials, enable MFA, scrutinize unsolicited Charter calls. Organizations with Salesforce + Entra: enforce phishing-resistant MFA on all admin and BPO identities.