Cybersecurity firm Resecurity has responded to recent claims made by the hacking group ShinyHunters, who earlier today alleged they had successfully breached the company’s internal systems and exfiltrated sensitive data. The firm, however, says the hackers were interacting with a honeypot, not their real infrastructure.
ShinyHunters’ Claim
On January 3, ShinyHunters announced via their Telegram channel that they had “gained full access” to Resecurity’s internal systems. The group claimed to have obtained employee records, internal chat logs, threat intelligence files, client data, and more.
They also shared multiple screenshots that appeared to show access to backend dashboards, user profiles, tokens, and internal chat discussions. The leak was positioned as a retaliatory move, with the group accusing Resecurity of previously attempting to social engineer them under the guise of fake buyers on dark web forums.
Resecurity’s Response
Resecurity countered the allegations with a detailed statement to Hackread.com and referred to its December 24, 2025’s blog post titled “Synthetic Data: A New Frontier for Cyber Deception and Honeypots.” According to the company, the attackers were interacting with a simulated environment specifically designed to deceive and log unauthorised activity.
The honeypot, as described, included synthetic employee accounts, fake apps, and isolated infrastructure unrelated to real operations or customers. One such decoy was reportedly planted via a dark web marketplace using a bait account. The company shared evidence of this setup with Hackread.com, including logs of the attackers’ interactions and screenshots showing repeated access to fake accounts such as [email protected].
In a screenshot shared publicly, the attacker’s activity is mapped across various IP addresses, some of which appear to be real and unmasked due to proxy failures. This, according to Resecurity, supports their assertion that the environment worked as intended, recording detailed behavioural data on the intruder.
No Impact Claimed
Resecurity stated that no actual client data, passwords, or operational systems were affected. The honeypot was isolated from production environments, and the incident caused no disruption or breach of real assets. The firm also emphasised that its use of synthetic data and deception tactics is a common counterintelligence strategy for identifying and studying threat actors.
In addition, Resecurity linked to a prior blog post from September 2025 detailing the activity of groups including ShinyHunters, suggesting the attack may have been motivated in part by their ongoing exposure of such actors.
Bottom Line
ShinyHunters presented what they framed as a major breach, but Resecurity has responded with a clear denial backed by logs and timing that suggest the incident was part of a controlled trap. Until further details emerge, the situation suggests that the honeypot strategy may have worked as intended in misleading the group and logging their activity.