Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: data-leak (2 articles)Clear

ShinyHunters publishes Charter Communications data after failed extortion - up to 5 million customer records now leaked, not just claimed

The ShinyHunters extortion group has now published the Charter Communications data it stole, after the telecom giant apparently refused to pay. Earlier reporting put the breach at 4.9 million HIBP-confirmed unique accounts; ShinyHunters' leak is described as potentially impacting up to 5 million customers. Charter is one of the largest US telecoms, providing internet, cable, mobile, and phone services to residential and business customers under the Spectrum brand. The data was originally exfiltrated via voice-phishing of a Microsoft Entra account on April 1 and a Salesforce export. With the data now public rather than merely claimed, the phishing and identity-theft risk to affected customers rises sharply.

Check
If you are a Charter/Spectrum customer or vendor, treat the leaked dataset as public now. Watch for Spectrum-themed phishing and account-recovery fraud over the next 60-90 days.
Affected
Up to 5 million Charter/Spectrum customers whose records are now publicly leaked, not just claimed. Names, contact details, and plan information enable targeted phishing and impersonation.
Fix
Affected individuals: rotate Spectrum credentials, enable MFA, scrutinize unsolicited Charter contacts. Organizations: refresh breach-monitoring watchlists and brief help desks against Charter-themed social engineering.

Public Amazon S3 bucket leaks 1M+ passports, IDs, and selfies from Japanese hotel check-in platform Tabiq

An Amazon S3 bucket simply named 'tabiq' was left open to anyone who knew the name, exposing over a million passports, driver's licenses, and identity-verification selfies submitted by hotel guests worldwide. The platform, run by Japanese operator Reqrea, handles digital check-in. Researcher Anurag Sen found the bucket and notified TechCrunch and JPCERT; the bucket has since been locked down. Reqrea says the exposed files date from early 2020 through May 2026 and that it does not yet know how the bucket became public. The company is still reviewing access logs to determine whether anyone else accessed the data.

Check
Inventory your S3 buckets for public ACLs or 'AllUsers' policies. If your employees used Tabiq or Reqrea-operated check-in for corporate travel, identify travelers since 2020.
Affected
Hotel guests who checked in through the Reqrea Tabiq platform between early 2020 and May 2026. Exposed data includes passports, driver's licenses, and biometric selfies.
Fix
Enable S3 Block Public Access at the account level. For affected travelers, monitor identity-document fraud alerts and consider passport reissuance for high-risk staff. Watch for phishing referencing real travel history.