ShinyHunters
Organisation

ShinyHunters is a data-theft and extortion group that dropped from the Bitdefender ransomware top ten in June 2026 following law-enforcement visibility.

Last refreshed: 14 June 2026

Key Question

Has law enforcement permanently disrupted ShinyHunters after its 2026 ranking fall?

Common Questions
Who are ShinyHunters hackers?
ShinyHunters is a data-theft and extortion group known for large-scale database breaches, including Tokopedia and Mathway. Members have faced prosecution in France and the United States. Source: Court records and threat-intelligence reporting
What data did ShinyHunters steal?
ShinyHunters has exfiltrated databases containing hundreds of millions of records from e-commerce platforms, educational services, and cloud storage providers, typically selling them on criminal marketplaces.
Why did ShinyHunters drop out of the ransomware top ten in 2026?
Bitdefender's June 2026 debrief attributed the exit to increased law-enforcement visibility, building on prior prosecution of group members that has constrained high-volume activity. Source: Bitdefender June 2026 threat debrief
Is ShinyHunters the same as a ransomware group?
Not strictly. ShinyHunters primarily exfiltrates and sells data rather than deploying ransomware for encryption, though it uses extortion. The exfiltrate-then-extort model it popularised is now common across the criminal market.

Background

ShinyHunters is a data-theft and extortion group with a long track record of large-scale credential and database breaches before dropping out of Bitdefender's ransomware top ten in June 2026 following law-enforcement visibility. The group gained significant public attention through a series of high-profile breaches including Tokopedia, Mathway, and several cloud-storage providers, typically exfiltrating databases and selling them on criminal marketplaces.

ShinyHunters does not follow a traditional ransomware-only model: its primary technique is data exfiltration and direct sale or extortion, with encryption used selectively. Members have faced prosecution in multiple jurisdictions; in 2022 a French national connected to the group was arrested and subsequently extradited to the United States, where charges related to computer fraud were pursued. The June 2026 ranking drop is consistent with that enforcement pressure compounding over time.

The group's significance for defenders extends beyond its own operations: ShinyHunters popularised the exfiltrate-then-extort approach that separates data theft from encryption, a model that has since been adopted by several subsequent crews. Its periodic resurgences after law-enforcement actions illustrate why ranking drops alone are not sufficient indicators of a group's permanent dissolution.
