---
title: "Charter Data Breach Exposes 4.9 Million Accounts After Hack"
date: 2026-05-29
author: "Sofia Ramirez"
featured_image: "https://sqmagazine.co.uk/wp-content/uploads/2026/05/charter-communications-confirm-4-9m-customers-affected.jpg"
categories:
  - name: "Cybersecurity"
    url: "/cybersecurity.md"
tags:
  - name: "News"
    url: "/tag/news.md"
---

# Charter Data Breach Exposes 4.9 Million Accounts After Hack

A data breach at Charter Communications has exposed 4.9 million accounts after the ShinyHunters cybercrime group claimed it stole customer information through a voice phishing attack targeting the company’s cloud environment.

## Quick Summary – TLDR:

- Charter Communications confirmed a cybersecurity incident following claims by ShinyHunters.
- Have I Been Pwned verified that data linked to 4.9 million unique accounts was exposed.
- Attackers allegedly gained access through a vishing attack that compromised a Microsoft Entra account and later accessed Salesforce data.
- Charter says no sensitive personal information or customer proprietary network information (CPNI) was exposed.

## What Happened?

Charter Communications, the parent company of the **Spectrum brand**, has confirmed a cybersecurity incident after the ShinyHunters extortion group claimed responsibility for stealing customer data from the company’s systems. The breach has drawn attention because of its alleged connection to a voice phishing attack and the exposure of millions of customer records.

According to claims made by the threat group and subsequent analysis by **Have I Been Pwned**, the leaked data includes information tied to approximately 4.9 million unique accounts.

> ‼️ ShinyHunters has leaked 42 Million records of data from Charter Communications.  
>   
> DentaQuest has also been relisted after being taken down due to possible negotiations. [pic.twitter.com/J8414aI5Ib](https://t.co/J8414aI5Ib)
> 
> — Dark Web Informer (@DarkWebInformer) [May 28, 2026](https://x.com/DarkWebInformer/status/2060022175831109739?ref_src=twsrc%5Etfw)

 ## Alleged Attack Began With a Voice Phishing Campaign

The incident reportedly started on April 1, 2026, when attackers used a [**voice phishing**, or **vishing**](https://sqmagazine.co.uk/voice-phishing-statistics/), technique to trick an employee into providing access to a company account.

ShinyHunters claims the attack resulted in the compromise of a **Microsoft Entra** account. Once inside, the attackers allegedly leveraged that access to reach Charter’s **Salesforce** environment, where customer data was stored.

Security experts say this type of attack highlights a growing trend in which cybercriminals target identity systems rather than traditional network defenses. By compromising a single authentication account, attackers can potentially gain access to multiple cloud services and business applications.

Andrew Chipman, GRC manager at **ProCircular**, emphasized the human element behind such incidents, stating:

“

The Charter breach is a reminder that the most sophisticated security stack in the world can be undone by a convincing phone call.

Andrew ChipmanGRC manager – ProCircular





## 4.9 Million Accounts Confirmed in Leaked Dataset

While ShinyHunters claimed it stole more than **42 million customer records**, independent analysis of the leaked data found evidence affecting **4,851,517 unique accounts**.

According to Have I Been Pwned, the exposed information includes:

- **Email addresses**
- **Names**
- **Phone numbers**
- **Physical addresses**
- **Job titles in some cases**

Researchers also identified a subset of roughly **85,000 records** linked to an internal employee directory. Those records reportedly contained employee job title information in addition to contact details.

The threat group later published the data after Charter allegedly refused to meet its ransom demands.

## Charter Disputes Sensitive Data Exposure Claims

Despite acknowledging the security incident, Charter maintains that no highly sensitive customer information was compromised.

The company stated that no **sensitive personal information** or **customer proprietary network information (CPNI)** was exfiltrated during the attack.

However, ShinyHunters has disputed that assessment, claiming additional customer information was obtained from the company’s systems. Charter has not publicly confirmed the full scope of the attackers’ claims and has referred to its original statement when asked for further comment.

The company says it is continuing its investigation and is coordinating with law enforcement authorities.

## Why Identity Platforms Are Becoming Prime Targets?

The Charter incident reflects a broader shift in [cyberattacks](https://sqmagazine.co.uk/cybersecurity-attacks-statistics/) aimed at cloud based identity and authentication systems.

Modern organizations rely heavily on platforms such as **Microsoft Entra**, **Salesforce**, **Okta**, and other software services connected through single sign on technology. While these systems improve convenience and productivity, they can also become valuable targets because one compromised account may unlock access to multiple business applications.

Over the past year, ShinyHunters has been linked to several campaigns targeting [Salesforce](https://sqmagazine.co.uk/salesforce-statistics/) customers. The group has claimed responsibility for attacks affecting organizations across multiple industries and has repeatedly used extortion tactics to pressure victims into paying for the deletion of stolen data.

The **FBI** has previously warned organizations against paying ransomware or extortion demands, noting that payment does not guarantee stolen information will be deleted or remain private.

## SQ Magazine Takeaway

I think this breach shows how cybersecurity is increasingly becoming an **identity security problem rather than just a network security problem**. The most striking part of this incident is that a simple phone-based social engineering attack allegedly opened the door to millions of records.

Companies can invest heavily in security tools, but if attackers can successfully manipulate employees, the consequences can still be massive. This case is another reminder that employee awareness, phishing resistant authentication, and tighter controls around cloud platforms are becoming just as important as traditional cybersecurity defenses.