ADVERTISEMENT

Reports link ShinyHunters to SSO vishing attacks, but key details reserved for Okta paying customers

There are reports that threat actor ShinyHunters is behind an active voice phishing campaign, aimed at stealing single sign-on (SSO) credentials for Okta, Microsoft, and Google accounts.

voice phishing attacks

Image by Cybernews

Ann-Marie Corvin
Ann-Marie Corvin Senior Journalist
Jan 26, 2026 Updated: 27 January 2026 3 min read
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.

Who are the ShinyHunters?

Okta describes “real-time” vishing-enabled phishing kits

ADVERTISEMENT

Why Okta is a key target for attackers

Salesforce data leak
Shinyhunters was the criminal brand behind Salesforce CRM data heist targeting SaaS-based services and customer databases. Image by Cybernews.

Detailed threat advisory behind paywall

“Putting IoCs behind a paywall makes ecosystem-wide disruption harder, because effective takedowns depend on defenders, SaaS providers, and ISPs being able to rapidly share and operationalize indicators at scale.”
Cory Michal, CSO, AppOmni

What security measures can be taken?


ADVERTISEMENT