ADVERTISEMENT

Cushman & Wakefield confirms breach as Salesforce hackers ShinyHunters, Qilin stake claims

Cushman & Wakefield confirmed a vishing-related security breach after both ShinyHunters and Qilin listed the commercial real estate giant on their dark web leak sites, with ShinyHunters claiming it stole more than 500,000 Salesforce records. alesforce hacking campaign.

Cushman & Wakefield

Smith Collection/Gado/Getty Images

Stefanie Schappert
Stefanie Schappert Senior Journalist
May 5, 2026 Updated: 6 May 2026 4 min read

Listen to this article

0:00
0:00
Key takeaways:
ShinyHunters Cushman & Wakefield post
ShinyHunters lists Cushman & Wakefield on its leak site, claiming it stole Salesforce-linked data. Image by Cybernews

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites

Second ransomware gang enters the picture

Qilin ransomware post Cushman & Wakefield
Qilin leak site. Image by Cybernews
lockbit-oakland
LockBit later leaked Oakland city files after multiple ransomware gangs claimed responsibility for the California attacks. Image by Cybernews.
ADVERTISEMENT

Real estate giant pulled into ransomware playbook

Cushman & Wakefield leasing sign
Cushman & Wakefield operates globally, managing billions of square feet of commercial real estate. Andrew Harrer/Bloomberg via Getty Images

Salesforce campaign expands across industries

CRM, Customer relationship management software
ShinyHunters’ campaign is targeting Salesforce and other CRM platforms used by global enterprises. Image by Anton garin | Shutterstock
jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
ShinyHunter victims
ShinyHunters’ leak site shows a growing list of victims tied to its ongoing data theft campaign. Screenshot of Shiny Hunters leak site, April 23, 2026. Image by Cybernews

ADVERTISEMENT