ShinyHunters Leak Alleged Data of Millions From SoundCloud, Crunchbase and Betterment

ShinyHunters claim to have leaked millions of records from SoundCloud and Crunchbase after failed extortion attempts, with possible links to an Okta vishing campaign.

The notorious ShinyHunters hackers are back in the news. The group has set up a dark web .onion leak site and has published alleged partial databases linked to three companies. These include SoundCloud, a global audio streaming platform, Crunchbase, which provides data on private and public companies, and Betterment, an American financial advisory company.

The leak spree began yesterday, on 22 January 2026, when messages appeared on the group’s Telegram chat account containing links to .onion domains. These links offered the public free access to the alleged data dumps. According to the group, the leaks were carried out after their extortion attempts against the affected companies were denied.

“We are after corporate regime change in all parts of the world. Pay or leak. We will aggressively and viciously come after you once we have your data. By the time you are listed here, it will be too late. Next time. You will learn from it. It will ALWAYS be your best decision, choice, and option to engage with us and come to an agreement with us. Proceed wisely,” the group’s message on the leak site says.

It is worth noting that in December 2025, SoundCloud acknowledged a data breach that impacted around 20 percent of its user base. With SoundCloud reporting between 175 and 180 million users, this places the total at roughly 35 to 36 million accounts. That figure closely matches the number of impacted users claimed by ShinyHunters.

In total, the alleged data includes more than 20 million records linked to Betterment containing Personally Identifiable Information, over 2 million alleged records from Crunchbase, and more than 30 million records associated with SoundCloud that are now circulating online.

The new dark web leak site from ShinyHunters (Image credit: Hackread.com)

****Okta Connection?

On 22 January 2026, Okta, a cloud-based Identity and Access Management service, issued a security advisory warning of an Okta SSO vishing campaign that has already resulted in multiple victims, though the exact number remains unknown.

According to a LinkedIn post from Alon Gal of Hudson Rock, a cybersecurity firm based in Israel, ShinyHunters contacted him to confirm that the group is also behind the Okta SSO vishing campaign and claimed that additional leaks will follow.

This raises the question of whether all three alleged data breaches are linked to Okta. That remains unclear. To address this, Hackread.com has contacted ShinyHunters directly seeking clarification.

Meanwhile, the alleged data linked to all three companies remains available for download. Hackread.com has observed evidence that the download links are now being circulated across major cybercrime forums, including French and Russian language communities.

Hackread.com has also reached out to SoundCloud, Crunchbase, and Betterment for comment. Until the companies involved confirm the authenticity of the data, the alleged breaches should be treated strictly as claims.