Hackers have stolen the private and call data of almost 1 million accounts after breaching the programs of Determine Know-how Options, a self-described blockchain-native monetary know-how firm.
Based in 2018, Determine makes use of the Provenance blockchain for lending, borrowing, and securities buying and selling, and has unlocked over $22 billion in house fairness with over 250 companions, together with banks, credit score unions, fintechs, and residential enchancment firms.
Whereas the blockchain lender did not publicly disclose the incident, a Determine spokesperson advised TechCrunch on Friday that the attackers stole “a restricted variety of recordsdata” in a social engineering assault.
BleepingComputer has additionally reached out to Determine with additional questions in regards to the breach, however a response was not instantly out there.
Though the corporate has but to share what number of people had been affected by the information breach, notification service Have I Been Pwned has now revealed the extent of the incident, reporting that information from 967,200 accounts was stolen within the assault.
“In February 2026, information obtained from the fintech lending platform Determine was publicly posted on-line,” Have I Been Pwned stated on Wednesday.
“The uncovered information, relationship again to January 2026, contained over 900k distinctive e-mail addresses together with names, telephone numbers, bodily addresses and dates of beginning. Determine confirmed the incident and attributed it to a social engineering assault by which an worker was tricked into offering entry.”
The ShinyHunters extortion group claimed duty for the breach and added the corporate to its darkish internet leak website, leaking 2.5GB of knowledge allegedly stolen from hundreds of mortgage candidates.
In latest weeks, ShinyHunters claimed related breaches at Canada Goose, Panera Bread, Betterment, SoundCloud, PornHub, and CrowdStrike.
Whereas not all of them are a part of the identical marketing campaign, a few of these victims had been breached in a voice phishing (vishing) marketing campaign concentrating on single sign-on (SSO) accounts at Okta, Microsoft, and Google throughout greater than 100 high-profile organizations.
The attackers are impersonating IT assist, calling their targets’ staff and tricking them into coming into credentials and multi-factor authentication (MFA) codes on phishing websites that impersonate their firms’ login portals.
As soon as in, they acquire entry to the sufferer’s SSO account, which offers them with entry to different linked enterprise purposes and companies, together with Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Zendesk, Dropbox, Adobe, Atlassian, and plenty of others.
As a part of this marketing campaign, ShinyHunters additionally breached on-line relationship large Match Group, which owns a number of fashionable relationship companies, together with Tinder, Hinge, Meetic, Match.com, and OkCupid.
Fashionable IT infrastructure strikes sooner than handbook workflows can deal with.
On this new Tines information, find out how your crew can cut back hidden handbook delays, enhance reliability by means of automated response, and construct and scale clever workflows on high of instruments you already use.
