ADVERTISEMENT

ShinyHunters expands leak operation, promises stolen data will remain online “until the end of time”

Despite years of arrests, seizures, and takedowns, the ShinyHunters extortion gang on Thursday expanded its "pay or leak" operation – rolling out new mirrors, torrent downloads, and promising to keep stolen files online “until the end of time.”

ShinyHunters

Image by Cybernews.

Stefanie Schappert
Stefanie Schappert Senior Journalist
Jun 18, 2026 Updated: 19 June 2026 3 min read
Key takeaways:

Leak site gets major upgrade

ShinyHunters expansion post
ShinyHunters announces new mirrors, torrent downloads, and infrastructure upgrades for its leak operation. Image by Cybernews
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.
ShinyHunters new mirrors
The group says new mirror servers will help distribute leaked files during periods of heavy traffic. Image by Cybernews
Scattered Lapsus$ Hunters
Researchers say ShinyHunters has evolved into a resilient cybercrime brand that continues to survive arrests and takedowns. Image by Cybernews.

Why ShinyHunters keeps coming back

ShinyHunters timeline of takedowns
Despite multiple arrests, forum seizures, and convictions, researchers say the ShinyHunters brand continues to reemerge. Image by Cato Networks
ADVERTISEMENT
Scatterd Spider, LAPSUS$, and Shiny Hunters.
Researchers link ShinyHunters to the Scattered LAPSUS$ Hunters (SLH) ecosystem, which blends tactics from several well-known threat groups. Image by Scattered Spider via Telegram

ShinyHunters' victim list keeps growing

Salesforce, oracle, whole sales, java logos
ShinyHunters-linked campaigns have targeted cloud environments, SaaS platforms, and enterprise software ecosystems in recent years. Image by Cybernews
ShinyHunters victims
Recent victims posted by ShinyHunters include Amazon One Medical, Kodak, JCPenney, Madison Square Garden, and Sysco. Image by Cybernews

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites

ADVERTISEMENT