Crunchbase confirmed a data breach on January 26, 2026, after the cybercrime group ShinyHunters claimed to have stolen more than 2 million records from the company’s corporate network and published samples of the data.
The market intelligence firm stated that a threat actor gained unauthorized access to its systems and removed certain documents. Crunchbase said it is working with cybersecurity experts and law enforcement to investigate the incident, but did not disclose how the breach occurred or the exact scope of the compromised data.
ShinyHunters posted roughly 400 MB of compressed files on its dark web leak site after Crunchbase allegedly refused ransom demands. The leaked data reportedly includes employee records, signed contracts, internal corporate documents, and other sensitive materials containing personally identifiable information (PII). Hudson Rock CTO Alon Gal reviewed samples and confirmed the files originated from Crunchbase systems.
Also Read:
– Major Cyber Attacks and Data Breaches in January 2026
– Major Cyber Attacks and Data Breaches in January 2026. What the First Month of 2026 Is Already Revealing
The incident appears linked to a broader ShinyHunters campaign targeting Okta single-sign-on (SSO) accounts through voice-phishing, as the group claimed responsibility for similar breaches at Betterment and SoundCloud. Crunchbase had not previously disclosed the breach before the group’s leak.
Crunchbase, which spun out from TechCrunch in 2015 and serves as a key data source for startups, investors, and sales teams, has not released details on affected users or potential risks. The company advised monitoring for phishing attempts and said it is taking steps to secure its environment.
No financial impact or customer data exposure has been confirmed yet. The breach adds to recent high-profile incidents involving data brokers and intelligence platforms, highlighting ongoing risks for companies handling sensitive business information.
