Charter Communications has confirmed a cybersecurity incident after the notorious ShinyHunters extortion group claimed it stole millions of customer records and threatened to leak the data unless a ransom is paid.
The telecommunications giant, which operates under the Spectrum brand, said it is working with law enforcement and investigating the breach. Charter stated that no sensitive personal information or customer proprietary network information (CPNI) was exposed during the attack.
However, ShinyHunters claims the breach involved nearly 40 million customer records after attackers allegedly gained access through a voice phishing, or vishing, attack targeting an employee’s Microsoft Entra account on April 1.
According to the threat actors, the stolen data includes customer names, phone numbers, email addresses, home addresses, account plan details, phone types, and customer support ticket information. The hackers reportedly used the compromised account to access Charter’s Salesforce environment and export large amounts of consumer and business customer data.
Cybersecurity experts warn that social engineering attacks like vishing are becoming increasingly common as cybercriminal groups target employee login credentials tied to cloud platforms and single sign-on systems. Groups like ShinyHunters have recently focused on compromising accounts connected to Microsoft Entra, Okta, Google Workspace, Slack, Salesforce, Dropbox, and other major SaaS platforms.
The incident highlights the growing risk facing large telecommunications and technology companies as attackers continue using sophisticated social engineering tactics to bypass traditional security defenses.