ShinyHunters Publishes Abrigo Fintech Salesforce Data
Fintech software provider Abrigo was targeted in a pay-or-leak extortion attempt by ShinyHunters. The group published data allegedly from the company's Salesforce instance, exposing over 711k unique email addresses along with business contact information such as names, phone numbers, and institution details. The data was added to Have I Been Pwned on May 14.
- email-addresses
- names
- phone-numbers
- business-contact-info
On May 14, 2026, the threat actor group ShinyHunters published a dataset containing more than 711,000 unique email addresses and associated business contact records stolen from Abrigo, a fintech software provider. The exposed information, drawn from the company’s Salesforce instance, includes names, phone numbers, and institution details. The records were subsequently added to Have I Been Pwned the same day.
Public reporting indicates that ShinyHunters had attempted to extort Abrigo by demanding payment in exchange for not releasing the data. When the demand went unmet, the group published the files. The breach is classified as medium severity. Available reporting describes the incident as involving data that was stored within Abrigo’s Salesforce environment, though the precise method of initial access has not been publicly detailed by the company.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →