Crunchbase
Analysis of the Crunchbase data breach exposing 2 million records including internal documents and contracts.
Published by the Scrutex.ai Research Team | January 2026
Disclaimer
This advisory is provided for informational and educational purposes only by the Scrutex research team. It is based entirely on publicly available reporting from the sources cited below. Where details are unconfirmed or disputed by the affected organisation, this is noted explicitly. Scrutex does not independently verify internal claims made by affected organisations or threat actors. This advisory should not be interpreted as a confirmed statement of fact regarding any organisation's security posture. Organisations concerned about their own exposure should conduct independent assessments and seek professional legal advice.
At a Glance
Organisation
Crunchbase
Business intelligence platform providing company and funding data for the startup ecosystem, used by investors, entrepreneurs, and sales professionals worldwide.
Sector
Technology / Business Intelligence
Region
United States
Date of Incident
December 2025 (initial SSO compromise)
Date Disclosed
January 24, 2026 (data posted); January 26, 2026 (Crunchbase confirmed)
Estimated Impact
2 million records
Data Types Exposed
PII, signed corporate contracts, internal documents, corporate data, subscriber information
Attack Type
Data Breach
Attack Vector
Voice phishing (vishing) targeting Okta SSO credentials to bypass MFA
Threat Actor
ShinyHunters
Current Status
Crunchbase confirmed incident. Systems secured. No class actions or regulatory penalties reported as of February 2026.
Severity Assessment
High. Over 2 million records including corporate contracts and internal documents. Part of broader ShinyHunters campaign targeting SSO credentials.
What Happened
In January 2026, approximately 2 million records from Crunchbase were reported exposed. The compromised data reportedly includes names, contact details, addresses, job information, contracts, and internal documents.
The inclusion of internal documents and contracts not available through Crunchbase's public platform makes this data particularly useful for competitive intelligence gathering and business email compromise attacks.
Timeline
December 2025
ShinyHunters compromise Okta SSO credentials via voice phishing
January 24, 2026
Stolen data posted on ShinyHunters leak site
January 26, 2026
Crunchbase confirms the incident and states systems have been secured
Threat Actor Profile
ShinyHunters targeted Crunchbase as part of their coordinated early 2026 campaign exploiting Okta SSO credentials via vishing attacks.
Impact and Risk Assessment
For Affected Individuals
Subscriber PII including names and contact details may be used for targeted phishing and social engineering.
Individuals whose information appears in signed corporate contracts may face business email compromise attempts.
For Organisations
Signed corporate contracts and internal documents not available through Crunchbase's public platform may reveal confidential business arrangements.
The data could be leveraged for competitive intelligence gathering and targeted business email compromise attacks.
Regulatory Context
US state data breach notification laws apply to the exposed PII. GDPR may apply for any EU-resident subscriber data.
What Should You Do?
If You Are a Potentially Affected Individual
If you have a Crunchbase account, change your password and enable the strongest available MFA option.
Be alert to unsolicited emails referencing business relationships or contracts that may have been revealed in the breach.
If You Are a Security or Risk Professional
Assess whether any confidential business information your organisation shared with or through Crunchbase may have been exposed.
Monitor for business email compromise attempts that leverage knowledge of your organisation's partnerships or funding relationships.
Learnings and Recommendations
Business intelligence platforms hold data that extends well beyond what is publicly accessible. Internal documents and contracts can be leveraged for targeted business email compromise attacks.
Organisations should review their exposure to this incident if they have business relationships tracked through Crunchbase.
Sources
This advisory is provided for informational purposes by the Scrutex.ai research team. It is based on publicly available reporting from the sources cited above. Where details are unconfirmed or disputed, we have noted this accordingly. Scrutex.ai does not independently verify internal claims made by affected organisations. Organisations concerned about their own exposure are encouraged to conduct their own assessments and seek professional advice where needed.
Stay ahead of the next breach
Scrutex monitors dark web sources, breach databases, and threat actor activity continuously, detecting exposure that affects your organisation before it becomes a headline.