ShinyHunters issues final warning to Cisco over alleged data theft

The threat group ShinyHunters has issued a final warning to Cisco, demanding contact by April 3, 2026, before it begins leaking data it claims to have stolen. The group has been publishing data linked to earlier Salesforce-related incidents affecting companies worldwide, according to HackRead.ShinyHunters alleges access to data from three breach paths: UNC6040, Salesforce Aura, and compromised AWS accounts, claiming over three million Salesforce records, PII, GitHub repositories, AWS storage, and internal corporate data were exfiltrated. The group’s reference to UNC6040 aligns with Cisco’s own published details about a vishing campaign targeting employees for system and customer data access, suggesting social engineering as a potential entry point.Leaked images appear to show access to Cisco’s AWS environment, including an organizational dashboard and storage buckets, indicating broad visibility across cloud infrastructure. ShinyHunters has a history of claiming access to…