HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

ShinyHunters Extortion Gang Leaks 4.9M Charter Communications Customer Records After Vishing Attack

In April 2026, the ShinyHunters gang leveraged a voice‑phishing call to hijack a Charter employee’s Microsoft Entra account, accessed the carrier’s Salesforce database, and leaked 4.9 million customer records. The breach underscores credential‑security gaps in large telecom providers and poses significant third‑party risk for organizations that depend on Charter’s services.

LiveThreat™ Intelligence · 📅 May 29, 2026· 📰 bleepingcomputer.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
4 recommended
📰
Source
bleepingcomputer.com

ShinyHunters Extortion Gang Leaks 4.9 M Charter Communications Customer Records After Vishing Attack

What Happened – In early April 2026, the ShinyHunters extortion gang compromised a Charter Communications employee’s Microsoft Entra account via a voice‑phishing (vishing) call. The foothold was used to access Charter’s Salesforce instance, where the attackers exfiltrated millions of records and later published 4.9 million customer records on a dark‑web leak site.

Why It Matters for TPRM

  • Large‑scale exposure of personally identifiable information (PII) from a Tier‑1 telecom provider can cascade to downstream vendors and partners.
  • The attack vector (vishing) highlights the need for robust identity‑and‑access controls on privileged accounts.
  • Public disclosure of the breach may trigger regulatory scrutiny and contractual penalties for organizations that rely on Charter’s services.

Who Is Affected – Telecommunications customers (residential and business), SaaS‑dependent applications that integrate with Charter’s Salesforce data, and any third‑party services that ingest the exposed customer information.

Recommended Actions

  • Review and harden MFA and conditional access policies for all privileged accounts, especially those linked to Microsoft Entra/Azure AD.
  • Conduct a data‑flow audit to identify any downstream systems that may have ingested the compromised Salesforce data.
  • Verify that contractual security clauses with Charter address breach notification, data handling, and liability.
  • Monitor for credential reuse or phishing attempts targeting your organization’s employees.

Technical Notes – Attack vector: voice‑phishing (vishing) leading to compromised Microsoft Entra credentials. Exfiltrated data: names, email addresses, phone numbers, physical addresses, job titles, plan information, support tickets, and limited CPNI. No confirmed theft of highly sensitive CPNI. Source: BleepingComputer

📰 Original Source
https://www.bleepingcomputer.com/news/security/charter-communications-data-breach-affects-49-million-accounts/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · PrivacyOps · CookiePLUS

Data exposure is where consent and DSAR readiness get tested.

When personal data leaks, regulators ask what consent you held and how fast you can answer a subject request. The Verisq AI Trust Operations platform, with CookiePLUS, keeps that posture audit-ready under GDPR and CCPA.

Explore the Verisq AI Trust Operations platform →