Cybersecurity experts recently warned about a social engineering campaign targeting US companies, which has been attributed to a group that refers to itself as ShinyHunters.
The wave of cyberattacks has hit Bumble Inc., Panera Bread Co., Match Group Inc., and CrunchBase Inc., as cybersecurity experts warn about a new round of 2026 social engineering attacks.
Bumble Inc., the parent company of dating apps Bumble, Badoo and BFF, contacted law enforcement after one of its contractor’s accounts “was recently compromised in a phishing incident,” a spokesperson said.
Even though the situation was quickly intervened, enough accurate information about internal leadership tied to extortion demands was received to spark serious concern and immediate police involvement.
A company vendor exposed the login credentials
Mandiant, a cybersecurity company owned by Alphabet Inc.’s Google, warned last week of the ShinyHunters campaign, saying the group used novel “vishing” techniques to compromise single sign-on credentials from victim organizations and remotely access their systems.
After getting into a computer system, the hackers pivot to software-as-a-service environments to steal sensitive data, Charles Carmakal, chief technology officer at Mandiant, said in a written statement. A hacker that identifies themselves as ShinyHunters has approached some of the victims demanding an extortion payment, he added.
Any employee of your company can be using a compromised app like Match or Bumble on a company phone.
Do you know if your devices are protected? Engler IT can help with a FREE security scan: