ShinyHunters Leaks 5.1 Million ZenBusiness Accounts – CRM Data Exfiltrated from Snowflake, Mixpanel & Salesforce
What Happened – In March 2026 the extortion group ShinyHunters claimed to have stolen terabytes of ZenBusiness data from multiple cloud services (Snowflake, Mixpanel, Salesforce) and released it publicly after a ransom was not paid. The dump contains roughly 5 million unique email addresses, many with names and phone numbers, spanning leads, support tickets and other CRM records.
Why It Matters for TPRM –
- Exposure of contact data from a business‑formation SaaS creates phishing and social‑engineering risk for downstream vendors and their customers.
- The breach demonstrates how third‑party cloud dependencies can become a single point of failure for a supplier.
- Large‑scale data loss may trigger contractual breach notifications, regulatory fines, and reputational damage for any organization that relies on ZenBusiness for compliance services.
Who Is Affected – SaaS platforms providing business formation, compliance, and CRM services; their downstream clients (SMBs, professional service firms, fintech onboarding providers).
Recommended Actions –
- Verify whether your organization uses ZenBusiness for entity formation or compliance and assess data flow.
- Review contracts for breach‑notification clauses and data‑processing addenda.
- Ensure robust email hygiene, enforce MFA, and rotate credentials for any accounts linked to ZenBusiness services.
Technical Notes – The breach appears to stem from a supply‑chain compromise of third‑party cloud services (Snowflake, Mixpanel, Salesforce) rather than a direct vulnerability in ZenBusiness. No specific CVE was disclosed. Exfiltrated data includes email addresses, names, and phone numbers. Source: Have I Been Pwned – ZenBusiness Breach