Charter Data Breach Exposes 4.9 Million Customer Accounts

Extortion gang ShinyHunters claims responsibility for April 1st vishing attack that accessed Salesforce data.

By Byte-Pulse Newsroom·AI-augmented editorial system·May 29, 2026·3 min read
Serhat Er — Founder & Editor-in-ChiefEdited bySerhat Er·Founder & Editor-in-Chief
Updated Jun 15, 2026
Charter Data Breach Exposes 4.9 Million Customer Accounts
Byte-Pulse original cover. Source story: BleepingComputer.

Charter Communications, the U.S. telecom giant behind the Spectrum brand, confirmed a data breach. It exposed personal info from nearly 5 million customer accounts. The incident happened in early April. The extortion gang ShinyHunters says it was a voice phishing (vishing) attack.

The Attack Vector

ShinyHunters claims the breach started April 1st. Attackers compromised an employee's Microsoft Entra account. They used a vishing scheme. This initial access reportedly let them into Charter's Salesforce instance. Salesforce is a popular customer relationship management platform. The gang says they stole 42 million records. That’s a lot. It included names, email addresses, physical addresses, phone numbers, plan details, and some customer proprietary network information (CPNI).

Charter serves over 32 million customers across 41 U.S. states. They initially said no sensitive personal info or CPNI was taken. But the data breach service Have I Been Pwned looked at the data ShinyHunters leaked. They confirmed it impacted 4.9 million unique accounts. Exposed data included names, email addresses, phone numbers, and physical addresses. About 85,000 records, apparently from an internal employee directory, also had job titles.

The Ransom Demand and Leak

ShinyHunters demanded a ransom from Charter. They wanted the stolen data back and destroyed. Charter refused. So, the cybercrime group leaked the compromised info on their dark web site. Byte-Pulse asked Charter for comment about the difference between their initial statement and the gang's CPNI claims. We were just directed back to the company's original statement.

"No sensitive personal information (PI) or customer proprietary network information (CPNI) data was exfiltrated by the threat actor as a result of recent activity," Charter told BleepingComputer.

This incident adds to ShinyHunters' history. They've targeted Salesforce customers before. Over the past year, the group has been linked to many breaches worldwide. They claim to have stolen billions of records using similar attacks.

Context and Impact

This breach shows the ongoing threat from sophisticated social engineering attacks. Even big telecom companies aren't immune. The FBI recently advised victims of ShinyHunters not to pay ransom demands. They say payment doesn't guarantee data deletion. It might even lead to more extortion or sales to other criminals.

Charter Communications is a big player in the U.S. telecom market. They provide internet, mobile, video, and voice services. A breach this size can still impact customers. Even if Charter says sensitive data wasn't compromised. Identity theft, targeted phishing, and spam all increase when personal contact info is leaked.

The FBI recently advised ShinyHunters' victims not to give in to the gang's ransom demands. They'd previously warned that doing so can't guarantee threat actors won't try to sell the stolen data to other cybercriminals or extort them again.

What's Still Unclear:

  • Did CPNI data get exfiltrated? Have I Been Pwned confirmed contact details for 4.9 million accounts were exposed. But confirmation on whether any CPNI data was actually stolen is still missing. Charter sticks to its original stance.
  • How exactly did the vishing work? The specific details of the vishing attack and how the employee's Microsoft Entra account was compromised aren't public.
  • What's the full scope of Salesforce data? ShinyHunters claimed 42 million records. But the complete inventory of data within the compromised Salesforce instance isn't detailed.

Why This Matters:

Charter's data breach highlights the critical need for strong cybersecurity. Defenses must counter evolving social engineering tactics. The incident serves as a stark reminder. Even with solid technical safeguards, human vulnerability is a primary attack vector. It can expose millions of customers to more risks.

Discuss this story

Got a take, a correction, or a follow-up tip? Reply where you read — we read everything.

Found an error? File a correction at /corrections. Substantive corrections are logged publicly.

#charter#data breach#shinyhunters#salesforce#vishing#cybersecurity
Get the 5 tech stories worth your time — 3× a week

One short email. The most important Security news, fact-checked, no fluff. Free, unsubscribe anytime.

More from Security

About the author
AI-augmented editorial system

The Byte-Pulse Newsroom is the editorial system that produces Byte-Pulse's daily tech news coverage. Each story is cross-referenced across 3+ independent outlets, drafted with AI assistance by the newsroom system (Drafter → Editor → Fact-Checker → Polisher), and reviewed by Serhat Er, Editor-in-Chief, before publication. We disclose AI augmentation openly. Editorial accountability stays with the named editor on every article. Tips: editorial@byte-pulse.net.

HardwareAIGamingMobileSecurity
Editorially reviewed on . Spotted an error? Tell us.
From other sections

Don’t miss these

Anker Balkonkraftwerk Deal: Beyond the €977 Price Tag
⚙️ Hardware

Anker Balkonkraftwerk Deal: Beyond the €977 Price Tag

A new Golem-exclusive deal offers a 1.92 kWp Balkonkraftwerk with Anker SOLIX storage for 977 Euro. We cut through the hype to assess its true worth.

By Byte-Pulse Newsroom·1 day ago·7 min0
Blau's €9.99 Xiaomi Bundle: Strategic Play or Consumer Trap?
📱 Mobile

Blau's €9.99 Xiaomi Bundle: Strategic Play or Consumer Trap?

Blau's new bundle offers a Xiaomi smartphone and smartwatch with 40GB data for €9.99/month. We examine the details and long-term implications of this deal.

By Byte-Pulse Newsroom·3 days ago·4 min
Fidji Simo's Health-Driven Exit Tests OpenAI's C-Suite Resilience Amid IPO Plans
🤖 AI

Fidji Simo's Health-Driven Exit Tests OpenAI's C-Suite Resilience Amid IPO Plans

Fidji Simo, a crucial figure in OpenAI's product and business operations, departs due to illness, raising questions about leadership depth ahead of a planned IPO.

By Byte-Pulse Newsroom·3 days ago·8 min0
Black Flag Resynced: A Technical Marvel That Loses Its Assassin's Heart
🎮 Gaming

Black Flag Resynced: A Technical Marvel That Loses Its Assassin's Heart

Byte-Pulse investigates if Assassin's Creed Black Flag Resynced is a true remake or a cynical cash grab

By Byte-Pulse Newsroom·5 days ago·4 min
🚗 EV & Auto

Tesla Model 3 vs Polestar 2: Choosing Your Next EV Wisely

A balanced breakdown of Tesla Model 3 and Polestar 2. Compare specs, performance, design, and more to find the right EV for you.

By Serhat Er·Jun 26, 2026·6 min0
Eneloop AAA Deal: Rechargeable Batteries Hit Lowest Price, Boosting Long-Term Value Argument
⚙️ Hardware

Eneloop AAA Deal: Rechargeable Batteries Hit Lowest Price, Boosting Long-Term Value Argument

Byte-Pulse examines the latest Eneloop AAA battery deal, highlighting its long-term economic and environmental benefits compared to standard alkaline options.

By Byte-Pulse Newsroom·Jul 06, 2026·5 min0
Cookies & ads

We fund this site through ads (Google AdSense and others) and use analytics to see what works. Both may set cookies. You decide what is OK — your choice is remembered.

Details in our Privacy Policy.