Woflow, an AI-driven merchant data platform, has been claimed by ShinyHunters, the notorious data extortion group. The attackers claim they’ve gained access to hundreds of millions of sensitive company and client documents.
-
Hackers claim to have breached Woflow and accessed hundreds of millions of records.
-
Attackers threatens to leak personal and transaction records on March 6th.
-
Experts warn that paying ransoms invites secondary attacks and fails to guarantee data deletion.
-
ShinyHunters recently breached telecom giant Odido and used voice phishing to target major tech firms.
ShinyHunters posted Woflow on its dark web blog, which it uses to showcase its latest victims. The attackers are threatening to leak the data on March 6th if the company refuses to succumb to their demands.
“Several hundreds of millions of records containing PII, transaction/order data, other internal corporate data, and a lot more have been compromised,” the attackers boasted.
Woflow automates the digitization and structuring of merchant data, with Uber, DoorDash, and Walmart among its clients. We have reached out to the company for comment and will update this article once we receive a reply.
So far, ShinyHunters has not provided a data sample, which would allow our researchers to investigate its claims. However, the gang, like so many other extortion-based cartels, often announces a data breach and releases data incrementally to pressure companies into paying.
Recently, the gang breached the major Dutch telecommunications company Odido and proceeded to leak several million records for several days, causing the company a multitude of problems.
“As far as we can see, ShinyHunters mostly target big names or companies that partner with known businesses. They bank on victims fearing for their reputation, which supposedly increases pressure to pay the ransom due to regulatory or reputational risks,” Cybernews researchers explained.
However, cybersecurity experts and law enforcement agencies advise against paying ransoms. For one, this directly funds illicit activities. More importantly, despite what cybercrooks say, there’s no guarantee that paying a ransom will prevent data from being sold on the dark web.
Moreover, paying up invites secondary attacks. Members of extortion groups overlap, and word about a paying victim can spread far and wide, increasing the risk of repeating data breaches.
Since early 2026, the UK has implemented a ban on public-sector and critical infrastructure organizations paying ransoms. The FBI in the US also advises against paying, noting that it perpetuates crime without guaranteeing results.
Check if your data has been leaked
ShinyHunters’ ballooning list of victims
ShinyHunters reportedly ran a voice phishing campaign to steal single sign-on (SSO) credentials for Okta, Microsoft, and Google accounts.
ShinyHunters was also attributed to a potential data breach at Waltio, a prominent French cryptocurrency tax filing platform, which the hackers controversially linked to kidnapping cases in France.
The conversation on this topic is live. Join in the discussion.
The gang has also claimed attacks on Bumble, Match Group (which operates Hinge, Match, and OkCupid), and hotel operator Wynn Resorts. It also targeted the private company intelligence platform Crunchbase.
The gang is associated with last year’s Salesforce CRM data heist that targeted enterprise cloud services and customer databases.
On June 25th, 2025, French authorities announced the arrest of four alleged members of ShinyHunters across multiple regions of France.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked