Charter Data Breach Exposes 4.9 Million Customer Accounts
Extortion gang ShinyHunters claims responsibility for April 1st vishing attack that accessed Salesforce data.
Charter Communications, the U.S. telecom giant behind the Spectrum brand, confirmed a data breach. It exposed personal info from nearly 5 million customer accounts. The incident happened in early April. The extortion gang ShinyHunters says it was a voice phishing (vishing) attack.
The Attack Vector
ShinyHunters claims the breach started April 1st. Attackers compromised an employee's Microsoft Entra account. They used a vishing scheme. This initial access reportedly let them into Charter's Salesforce instance. Salesforce is a popular customer relationship management platform. The gang says they stole 42 million records. That’s a lot. It included names, email addresses, physical addresses, phone numbers, plan details, and some customer proprietary network information (CPNI).
Charter serves over 32 million customers across 41 U.S. states. They initially said no sensitive personal info or CPNI was taken. But the data breach service Have I Been Pwned looked at the data ShinyHunters leaked. They confirmed it impacted 4.9 million unique accounts. Exposed data included names, email addresses, phone numbers, and physical addresses. About 85,000 records, apparently from an internal employee directory, also had job titles.
The Ransom Demand and Leak
ShinyHunters demanded a ransom from Charter. They wanted the stolen data back and destroyed. Charter refused. So, the cybercrime group leaked the compromised info on their dark web site. Byte-Pulse asked Charter for comment about the difference between their initial statement and the gang's CPNI claims. We were just directed back to the company's original statement.
"No sensitive personal information (PI) or customer proprietary network information (CPNI) data was exfiltrated by the threat actor as a result of recent activity," Charter told BleepingComputer.
This incident adds to ShinyHunters' history. They've targeted Salesforce customers before. Over the past year, the group has been linked to many breaches worldwide. They claim to have stolen billions of records using similar attacks.
Context and Impact
This breach shows the ongoing threat from sophisticated social engineering attacks. Even big telecom companies aren't immune. The FBI recently advised victims of ShinyHunters not to pay ransom demands. They say payment doesn't guarantee data deletion. It might even lead to more extortion or sales to other criminals.
Charter Communications is a big player in the U.S. telecom market. They provide internet, mobile, video, and voice services. A breach this size can still impact customers. Even if Charter says sensitive data wasn't compromised. Identity theft, targeted phishing, and spam all increase when personal contact info is leaked.
The FBI recently advised ShinyHunters' victims not to give in to the gang's ransom demands. They'd previously warned that doing so can't guarantee threat actors won't try to sell the stolen data to other cybercriminals or extort them again.
What's Still Unclear:
- Did CPNI data get exfiltrated? Have I Been Pwned confirmed contact details for 4.9 million accounts were exposed. But confirmation on whether any CPNI data was actually stolen is still missing. Charter sticks to its original stance.
- How exactly did the vishing work? The specific details of the vishing attack and how the employee's Microsoft Entra account was compromised aren't public.
- What's the full scope of Salesforce data? ShinyHunters claimed 42 million records. But the complete inventory of data within the compromised Salesforce instance isn't detailed.
Why This Matters:
Charter's data breach highlights the critical need for strong cybersecurity. Defenses must counter evolving social engineering tactics. The incident serves as a stark reminder. Even with solid technical safeguards, human vulnerability is a primary attack vector. It can expose millions of customers to more risks.
Discuss this story
Got a take, a correction, or a follow-up tip? Reply where you read — we read everything.
Found an error? File a correction at /corrections. Substantive corrections are logged publicly.
One short email. The most important Security news, fact-checked, no fluff. Free, unsubscribe anytime.
More from Security

Apple's Rare Third macOS RC: Unpacking Security Concerns
Byte-Pulse explores the implications of Apple's unusual third Release Candidate for macOS updates, examining the severity of unannounced security fixes and their impact on European users

Google’s Legal Battle Against AI-Driven Cybercrime: Examining Outsider Enterprise
Google's lawsuit against Outsider Enterprise exposes differences in victim counts and sheds light on AI's role in cybercrime.

iOS 26.5 Update Addresses Over 50 Security Vulnerabilities—Update Now
Apple's iOS 26.5 fixes over 50 security flaws. Update your iPhone now to stay secure.

Malware Disguised as OpenAI Found on Hugging Face
A fake OpenAI repo on Hugging Face pushed malware disguised as AI tools, targeting Windows users with info-stealing tactics.
The Byte-Pulse Newsroom is the editorial system that produces Byte-Pulse's daily tech news coverage. Each story is cross-referenced across 3+ independent outlets, drafted with AI assistance by the newsroom system (Drafter → Editor → Fact-Checker → Polisher), and reviewed by Serhat Er, Editor-in-Chief, before publication. We disclose AI augmentation openly. Editorial accountability stays with the named editor on every article. Tips: editorial@byte-pulse.net.
Don’t miss these

Anker Balkonkraftwerk Deal: Beyond the €977 Price Tag
A new Golem-exclusive deal offers a 1.92 kWp Balkonkraftwerk with Anker SOLIX storage for 977 Euro. We cut through the hype to assess its true worth.

Blau's €9.99 Xiaomi Bundle: Strategic Play or Consumer Trap?
Blau's new bundle offers a Xiaomi smartphone and smartwatch with 40GB data for €9.99/month. We examine the details and long-term implications of this deal.

Fidji Simo's Health-Driven Exit Tests OpenAI's C-Suite Resilience Amid IPO Plans
Fidji Simo, a crucial figure in OpenAI's product and business operations, departs due to illness, raising questions about leadership depth ahead of a planned IPO.

Black Flag Resynced: A Technical Marvel That Loses Its Assassin's Heart
Byte-Pulse investigates if Assassin's Creed Black Flag Resynced is a true remake or a cynical cash grab
Tesla Model 3 vs Polestar 2: Choosing Your Next EV Wisely
A balanced breakdown of Tesla Model 3 and Polestar 2. Compare specs, performance, design, and more to find the right EV for you.

Eneloop AAA Deal: Rechargeable Batteries Hit Lowest Price, Boosting Long-Term Value Argument
Byte-Pulse examines the latest Eneloop AAA battery deal, highlighting its long-term economic and environmental benefits compared to standard alkaline options.