ShinyHunters claim to have leaked millions of records from SoundCloud and Crunchbase after failed extortion attempts, with possible links to an Okta vishing campaign.
The notorious ShinyHunters hackers are back in the news. The group has set up a dark web .onion leak site and has published alleged partial databases linked to three companies. These include SoundCloud, a global audio streaming platform, Crunchbase, which provides data on private and public companies, and Betterment, an American financial advisory company.
The leak spree began yesterday, on 22 January 2026, when messages appeared on the group’s Telegram chat account containing links to .onion domains. These links offered the public free access to the alleged data dumps. According to the group, the leaks were carried out after their extortion attempts against the affected companies were denied.
It is worth noting that in December 2025, SoundCloud acknowledged a data breach that impacted around 20 percent of its user base. With SoundCloud reporting between 175 and 180 million users, this places the total at roughly 35 to 36 million accounts. That figure closely matches the number of impacted users claimed by ShinyHunters.
Okta Connection?
On 22 January 2026, Okta, a cloud-based Identity and Access Management service, issued a security advisory warning of an Okta SSO vishing campaign that has already resulted in multiple victims, though the exact number remains unknown.
According to a LinkedIn post from Alon Gal of Hudson Rock, a cybersecurity firm based in Israel, ShinyHunters contacted him to confirm that the group is also behind the Okta SSO vishing campaign and claimed that additional leaks will follow.
This raises the question of whether all three alleged data breaches are linked to Okta. That remains unclear. To address this, Hackread.com has contacted ShinyHunters directly seeking clarification.
Meanwhile, the alleged data linked to all three companies remains available for download. Hackread.com has observed evidence that the download links are now being circulated across major cybercrime forums, including French and Russian language communities.
Hackread.com has also reached out to SoundCloud, Crunchbase, and Betterment for comment. Until the companies involved confirm the authenticity of the data, the alleged breaches should be treated strictly as claims.