Hackers have stolen the private and phone info of practically 1 million accounts after breaching the programs of Determine Know-how Options, a self-described blockchain-native monetary know-how firm.
Based in 2018, Determine makes use of the Provenance blockchain for lending, borrowing, and securities buying and selling, and has unlocked over $22 billion in house fairness with over 250 companions, together with banks, credit score unions, fintechs, and residential enchancment corporations.
Whereas the blockchain lender did not publicly disclose the incident, a Determine spokesperson instructed TechCrunch on Friday that the attackers stole “a restricted variety of recordsdata” in a social engineering assault.
BleepingComputer has additionally reached out to Determine with additional questions concerning the breach, however a response was not instantly accessible.
Though the corporate has but to share what number of people have been affected by the data breach, notification service Have I Been Pwned has now revealed the extent of the incident, reporting that knowledge from 967,200 accounts was stolen within the assault.
“In February 2026, knowledge obtained from the fintech lending platform Determine was publicly posted on-line,” Have I Been Pwned mentioned on Wednesday.
“The uncovered knowledge, relationship again to January 2026, contained over 900k distinctive electronic mail addresses together with names, telephone numbers, bodily addresses and dates of delivery. Determine confirmed the incident and attributed it to a social engineering assault during which an worker was tricked into offering entry.”
The ShinyHunters extortion group claimed duty for the breach and added the corporate to its darkish net leak website, leaking 2.5GB of knowledge allegedly stolen from hundreds of mortgage candidates.
In latest weeks, ShinyHunters claimed comparable breaches at Canada Goose, Panera Bread, Betterment, SoundCloud, PornHub, and CrowdStrike.
Whereas not all of them are a part of the identical marketing campaign, a few of these victims have been breached in a voice phishing (vishing) marketing campaign concentrating on single sign-on (SSO) accounts at Okta, Microsoft, and Google throughout greater than 100 high-profile organizations.
The attackers are impersonating IT assist, calling their targets’ workers and tricking them into coming into credentials and multi-factor authentication (MFA) codes on phishing websites that impersonate their corporations’ login portals.
As soon as in, they achieve entry to the sufferer’s SSO account, which offers them with entry to different related enterprise purposes and providers, together with Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Zendesk, Dropbox, Adobe, Atlassian, and plenty of others.
As a part of this marketing campaign, ShinyHunters additionally breached on-line relationship large Match Group, which owns a number of standard relationship providers, together with Tinder, Hinge, Meetic, Match.com, and OkCupid.
Trendy IT infrastructure strikes quicker than guide workflows can deal with.
On this new Tines information, find out how your crew can cut back hidden guide delays, enhance reliability by automated response, and construct and scale clever workflows on prime of instruments you already use.
