Charter (Spectrum) Confirms Breach After ShinyHunters Vishing Hits Salesforce; Hackers Claim Up to 42M Records
Charter Communications confirmed a data breach after the extortion group ShinyHunters claimed to have stolen up to 40-42 million records in an attack dated on or around April 1, 2026.
VERDICT — CONFIRMED

Charter Communications confirmed a data breach after the extortion group ShinyHunters claimed to have stolen up to 40-42 million records in an attack dated on or around April 1, 2026. According to ShinyHunters' account to BleepingComputer, the actors used a voice-phishing (vishing) call to compromise an employee's Microsoft Entra account, then accessed Charter's Salesforce instance to export customer records. Exposed data reportedly includes customer names, email addresses, physical and company addresses, phone numbers, phone type and plan information, plus support-ticket details; ShinyHunters also claimed roughly 27,000 employee records were taken.
Independent analysis of the leaked dataset confirmed information tied to approximately 13 million or more individuals, a lower figure than the actors' claim. Charter stated that 'No sensitive personal information (PI) or customer proprietary network information (CPNI) data was exfiltrated,' contradicting the actors' assertion that some CPNI was taken, and said it is cooperating with authorities. After Charter reportedly declined to pay, ShinyHunters listed the company on its leak site and began publishing portions of the data; the public disclosure window centered on May 27.
The breach fits ShinyHunters' broader 2026 pattern of social-engineering corporate SSO accounts (Microsoft Entra, Okta, Google) to reach connected SaaS apps such as Salesforce, then extorting victims. Coverage urged customers to expect targeted phishing and impersonation scams.
