Hackers have stolen the private and phone info of practically 1 million accounts after breaching the programs of Determine Know-how Options, a self-described blockchain-native monetary know-how firm.
Based in 2018, Determine makes use of the Provenance blockchain for lending, borrowing, and securities buying and selling, and has unlocked over $22 billion in house fairness with over 250 companions, together with banks, credit score unions, fintechs, and residential enchancment corporations.
Whereas the blockchain lender did not publicly disclose the incident, a Determine spokesperson advised TechCrunch on Friday that the attackers stole “a restricted variety of recordsdata” in a social engineering assault.
BleepingComputer has additionally reached out to Determine with additional questions in regards to the breach, however a response was not instantly out there.
Though the corporate has but to share what number of people had been affected by the information breach, notification service Have I Been Pwned has now revealed the extent of the incident, reporting that information from 967,200 accounts was stolen within the assault.
“In February 2026, information obtained from the fintech lending platform Determine was publicly posted on-line,” Have I Been Pwned mentioned on Wednesday.
“The uncovered information, relationship again to January 2026, contained over 900k distinctive e-mail addresses together with names, telephone numbers, bodily addresses and dates of delivery. Determine confirmed the incident and attributed it to a social engineering assault by which an worker was tricked into offering entry.”
The ShinyHunters extortion group claimed accountability for the breach and added the corporate to its darkish net leak web site, leaking 2.5GB of knowledge allegedly stolen from 1000’s of mortgage candidates.
In latest weeks, ShinyHunters claimed related breaches at Canada Goose, Panera Bread, Betterment, SoundCloud, PornHub, and CrowdStrike.
Whereas not all of them are a part of the identical marketing campaign, a few of these victims had been breached in a voice phishing (vishing) marketing campaign concentrating on single sign-on (SSO) accounts at Okta, Microsoft, and Google throughout greater than 100 high-profile organizations.
The attackers are impersonating IT assist, calling their targets’ workers and tricking them into getting into credentials and multi-factor authentication (MFA) codes on phishing websites that impersonate their corporations’ login portals.
As soon as in, they achieve entry to the sufferer’s SSO account, which supplies them with entry to different linked enterprise purposes and providers, together with Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Zendesk, Dropbox, Adobe, Atlassian, and plenty of others.
As a part of this marketing campaign, ShinyHunters additionally breached on-line relationship large Match Group, which owns a number of standard relationship providers, together with Tinder, Hinge, Meetic, Match.com, and OkCupid.
Trendy IT infrastructure strikes sooner than handbook workflows can deal with.
On this new Tines information, find out how your workforce can cut back hidden handbook delays, enhance reliability by automated response, and construct and scale clever workflows on prime of instruments you already use.
