ShinyHunters claims Okta customer breaches, leaks data belonging to 3 orgs

ShinyHunters has claimed responsibility for an Okta voice-phishing campaign during which the extortionist crew allegedly gained access to Crunchbase and Betterment.

On Friday, the criminals leaked data allegedly stolen from market-intel broker Crunchbase, streaming platform SoundCloud, and financial-tech firm Betterment, and confirmed to The Register that they gained access to two of the three - Crunchbase and Betterment - by voice-phishing Okta single-sign-on codes.

SoundCloud in December confirmed it had been breached and the crooks accessed data belonging to about 20 percent of its users, which translates to about 28 million people, based on the company's publicly available customer count.

When asked about ShinyHunters' claims, a SoundCloud spokesperson told us that the streaming platform is "aware that a threat actor group has published data online allegedly taken from our organization," and directed users to a January 13 blog update for more information. "Please know that our security team - supported by leading ...