What Happened
In January 2026, approximately 2 million records from Crunchbase were reportedly exposed. The compromised data reportedly includes names, contact details, addresses, job information, contracts, and internal documents.
The inclusion of internal documents and contracts not available through Crunchbase's public platform makes this data particularly useful for competitive intelligence gathering and business email compromise attacks.
Timeline
- December 2025 — ShinyHunters compromise Okta SSO credentials via voice phishing
- January 24, 2026 — Stolen data posted on ShinyHunters leak site
- January 26, 2026 — Crunchbase confirms the incident and states systems have been secured
Threat Actor Profile
ShinyHunters targeted Crunchbase as part of their coordinated early 2026 campaign exploiting Okta SSO credentials via vishing attacks.
Impact and Risk Assessment
For Individuals
Subscriber PII, including names and contact details, may be used for targeted phishing and social engineering.
Individuals whose information appears in signed corporate contracts may face business email compromise attempts.
For Organisations
Signed corporate contracts and internal documents not available through Crunchbase's public platform may reveal confidential business arrangements.
The data could be leveraged for competitive intelligence gathering and targeted business email compromise attacks.
Regulatory Context
US state data breach notification laws apply to the exposed PII. GDPR may apply for any EU-resident subscriber data.
What Should You Do?
For Individuals
- If you have a Crunchbase account, change your password and enable the strongest available MFA option.
- Be alert to unsolicited emails referencing business relationships or contracts that may have been revealed in the breach.
For Security Professionals
- Assess whether any confidential business information your organisation shared with or through Crunchbase may have been exposed.
- Monitor for business email compromise attempts that leverage knowledge of your organisation's partnerships or funding relationships.
Learnings and Recommendations
Business intelligence platforms hold data that extends well beyond what is publicly accessible. Internal documents and contracts can be leveraged for targeted business email compromise attacks.
Organisations should review their exposure to this incident if they have business relationships tracked through Crunchbase.