Over 16M unique persons records containing significant PII, financial/transactions (credit cards), KYC and data from TransUnion and Experian (background checks). The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don't care.
Entire list of affected schools by Instructure breach
The download button below is a list of affected schools by the Instructure Canvas LMS data breach. If any of the schools in the file are interested in preventing the release of their data please consult with a cyber advisory firm and contact us privately at TOX to negociate a settlement. You have till the end of the day by 7 May 2026 before everything is leaked and there will be no chance at a negociation for anyone. Instructure has not even bothered speaking to us to understand the situation or to even negociate with us to prevent the release of this data. Our demand was not even as high as you might think it is. The Company seemingly does not care about all the students affected and the institutions impacted by this data breach. They still have by 6 May 2026 to come speak with us. There is no better option but to come to an agreement with us. Not paying will only worsen the situation rather than resolving it.
Instructure Holdings, Inc. (Canva LMS, instructure.com)
Nearly 9,000 schools worldwide affected. 275 million individuals data ranging from students, teachers, and other staff containing PII. Several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached and a lot more other data is involved. Pay or Leak. This is a final warning to reach out by 6 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Cushman & Wakefield Inc.
Over 500k Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 6 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
TOWERPOINT WEALTH, LLC
Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 4 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Follett Software LLC
Over 4M Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 4 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Vimeo, Inc.
Your Snowflake and Bigquery instances data was compromised thanks to Anodot.com. Pay or Leak. This is a final warning to reach out by 30 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Udemy, Inc. (udemy.com)
Over 1.4M records containing PII and other internal corporate data have been compromised. Pay or Leak. This is a final warning to reach out by 27 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
ADT, Inc. (adt.com)
Over 10M records containing PII and other internal corporate data have been compromised. Pay or Leak. This is a final warning to reach out by 27 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Aman Resorts (aman.com)
Over 500k Salesforce records containing PII have been compromised. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
The Canada Life Assurance Company (aman.com)
Over 500k Salesforce records containing PII have been compromised. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
The Canada Life Assurance Company (canadalife.com)
Over 5.6M Salesforce records containing PII have been compromised. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Pitney Bowes Inc. (pb.com)
Over 25M Salesforce records containing PII have been compromised. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
7-Eleven, Inc. (7-eleven.com)
Over 600k Salesforce records containing PII and other internal corporate data have been compromised. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Carnival Corporation & plc (carnivalcorp.com)
Over 8.7M records containing PII and other terabytes of internal corporate data have been compromised. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Medtronic plc (medtronic.com)
Over 9M records containing PII and other terabytes of internal corporate data have been compromised. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Zara (zara.com)
Your Bigquery instances data was compromised thanks to Anodot.com. Pay or Leak. This is a final warning to reach out by 21 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Alert 360 Opco Inc. (alert360.com)
Over 2.5M records containing PII and other internal corporate data have been compromised. Please read the chatlog of the negociation by cliking the Download button below to see why this data was leaked.
Mytheresa
Sensitive customer PII data and transactional history data was compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Rockstar Games
Your Snowflake instances metrics data was compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Abrigo, Inc.
Over 1.7M Salesforce records containing PII and other internal corporate data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Marcus & Millichap, Inc.
Over 30M Salesforce records containing PII and other internal corporate data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Kemper Corporation
Over 13M Salesforce records containing PII and other internal corporate data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Ryan, LLC.
Over 4.8M Salesforce records containing PII and other internal corporate data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
McGraw Hill, Inc. (mheducation.com)
Over 45M Salesforce records containing PII data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
National Railroad Passenger Corporation (amtrak.com)
Over 9.4M Salesforce records containing PII and other internal corporate data have been compromised. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Zenbusiness, Inc.
Several terabytes combined from Snowflake, Mixpanel, Salesforce, financial/kyc data, other data containing sensitive PII, business data, and ect. were compromised. The company failed to reach an agreement with us despite all the chances and offers we made. They don't care AT ALL.
Cisco Systems, Inc. (cisco.com)
3 breaches (UNC6040, Salesforce Aura, and AWS accounts). Total over 3M Salesforce records containing PII, Github repositories, AWS buckets and other internal corporate data have been compromised. This is a final warning to reach out by 3 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Hallmark Cards, Inc. & Hallmark Plus
Over 7.9M Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 2 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
European Commission (*.europa.eu)
Over 350 GB+ of data was compromised, including data dumps of mail servers, databases, confidential documents, contracts, and much more sensitive material.
BreachForums version 5
BreachForums has been run by many fakes, but by us, following the FBI seizure on 10 Oct 2025. Maintaining such an ecosystem is a waste of our time. There was an unauthorised leak on 9 Jan 2026. Ever since then, false personas going by “N/A“ and “Indra“ were successfully able to restore a similar-looking “legitimate“ forum. All the current forums are fake [ .sb, .ac, .fi, .bf, .us, ect.]. If they continue to exist, we'll leak all the BF backups, including every private message, emails, IP addresses, posts, ect. We have exploits for all 1.8 versions of MyBB.
ZenBusiness, Inc.
Several terabytes from Snowflake, Mixpanel, Salesforce, and ect. have been compromised. This is a final warning to reach out by 30 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Berkadia Commercial Mortgage, LLC. (berkadia.com)
Salesforce records containing PII and other internal corporate data have been compromised. The company failed to reach an agreement with us despite all the chances and offers we made. They don't care.
Ameriprise Financial, Inc.
Salesforce records containing PII and over 200GB compressed Sharepoint internal corporate data have been compromised. This is a final warning to reach out by 25 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Infinite Campus, Inc.
Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 25 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Berkadia Commercial Mortgage LLC
Over 5M Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 22 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Aura Group, Inc. (aura.com)
Over 900k records containing PII and other internal corporate data have been compromised. The company failed to reach an agreement with us despite all the chances and offers we made. They don't care.
Aura Group, Inc
Over 2M records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 14 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
CFGI Management (cfgi.com)
Over 800k records containing PII and other internal corporate data have been compromised. The company failed to reach an agreement with us despite all the chances and offers we made. They don't care about their clients nor investors.
Vertex Inc.
Over 2M records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 12 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Salesforce Aura Campaign
Several hundreds of companies set to release with FINAL WARNINGs upon failure to comply. To all affected companies who will be or are being contacted by us ("ShinyHunters"), please consider this a preliminary warning before we release your name with FINAL WARNING or a complete data leak. Reply, engage, pay a small price, and prevent a publication. Make the right decision, don't be the next headline.
CFGI Management, LLC.
Over 800k records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 09 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Pathstone.com
Salesforce records were compromised and other internal corporate data have been compromised. The company failed to reach an agreement with us despite all the chances and offers we made. They don't care about their clients nor investors.
Woflow, Inc.
Several hundreds of millions of records containing PII, transaction/order data, other internal corporate data, and a lot more (you don't want us to say publicly) have been compromised. This is a final warning to reach out by 06 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Pathstone Family Office, LLC
Over 641k records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 2 Mar 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Odido NL & Ben.nl
Almost 21M records containing Full Names, Physical addresses, email addresses, phone numbers, and plaintext passwords, IBAN, passport numbers, driver license numbers and other internal corporate data have been compromised. This is a final warning to come back to our chat and finish what we set out to do before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. You know where to find us.
Beacon Pointe Advisors
Over 100k Salesforce records were compromised including over 59k containing PII and other internal corporate data have been compromised. The company failed to reach an agreement with us despite all the chances and offers we made. They don't care about their clients nor investors.
Wynn Resorts, Limited.
Over 800k records containing PII (SSNs, etc.) and employee data have been compromised. This is a final warning to reach out by 24 Feb 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
CarGurus, Inc.
Over 1.7M records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 20 Feb 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Mercer Advisors
Over 5 million records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 18 Feb 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Beacon Pointe Advisors, LLC.
Over 100k+ records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 18 Feb 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline.
Canada Goose
Over 600k records containing PII and payment/financial information have been compromised.
Figure Technology Solutions, Inc.
Thousands of applicants of Figure.com PII were compromised. They decided to waste time and hide instead because their leadership is a mess and can't make a decision.
University of Pennsylvania
"Fewer than 10 records"* ;) containing PII and donation data have been compromised. *: More like 1.2 million
Harvard University
Over 1 million records containing PII and donation data have been compromised. This is the direct result of advisors advising you against paying a ransom. It has the opposite effect. Do NOT provoke us again and pay the ransom when we contact you.
Bumble Inc.
Thousands of internal documents from Bumble. Our exfiltration focused on documents designated at restricted or confidential. Files primarily from Google Drive and Slack.
Match Group
Over 10 million records of Hinge, Match, and OkCupid usage data from Appsflyer and hundreds of internal documents.
Panera Bread
Over 14 million records containing Personally Identifiable Information (PII) have been compromised.
