Charter Communications confirmed it this week. The ShinyHunters extortion gang breached the company in early April through voice phishing, compromised an employee's Microsoft Entra account, and pulled records from a Salesforce database used to manage customer accounts. Charter refused to pay the ransom. ShinyHunters published the data.
Have I Been Pwned analyzed the leak and confirmed 4.9 million accounts exposed. The records contained names, email addresses, phone numbers, and physical addresses. Not payment credentials. Not login data. Location data.
For a home-based operator or sole proprietor running a business from a residential address, that Salesforce record built by your ISP maps to your front door. Your name and physical address are now indexed on a dark web leak site, available to anyone with access to ShinyHunters' pages.
Charter operates under the Spectrum brand and serves over 32 million customers in 41 states. The point of intrusion was a Salesforce instance the average subscriber never consented to and almost certainly never knew existed. The breach didn't target you. You were a record in someone else's infrastructure.
This is what network exposure looks like when the perimeter you assumed was private was never under your control.
Reported by Bleeping Computer, May 29, 2026.
If your ISP account maps to a residential address you also use as your business address, do you know how many third-party systems that record lives in?
RuleDraft.com