Home > Security > Security News

ShinyHunters Publishes Infinite Campus Data in Extortion Campaign Linked to Salesforce, 137,000+ Emails Exposed

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Online Learning - Education - Student - Courses - e-Learning
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • Targeted Attack: Infinite Campus was hit by a ShinyHunters "pay or leak" extortion campaign in March 2026.
  • Data Published: The cybersecurity incident affected more than 137,000 unique email addresses tied to the system.
  • Mostly Directory Info: Infinite Campus said the attackers accessed mostly school staff contact details via a Salesforce account.

The student information system Infinite Campus was targeted in March 2026 in a ShinyHunters "pay or leak" extortion campaign linked to a compromised Salesforce account. The group later published data it alleged was taken from Infinite Campus. The data breach containing over 137,000 compromised accounts was added to breach notification service Have I Been  Pwned (HIBP) on June 15, 2026.

The "pay or leak" model the group used pressures victims to pay before stolen data is made public, ultimately posting the records. Yet, Infinite Campus says much of this information mirrors publicly available school directory details.

What ShinyHunters Published

ShinyHunters released a dataset it claimed came from Infinite Campus, and according to HIBP, the data contained 137,123 unique email addresses, along with related information. The breach involved the following confirmed data types:

ShinyHunters lists Infinite Campus on its dark web site | Source: BleepingComputer
ShinyHunters lists Infinite Campus on its dark web site | Source: BleepingComputer
Infinite Campus breach notification message | Source: AceVenturaIsMyHero via Reddit
Infinite Campus breach notification message | Source: AceVenturaIsMyHero via Reddit

Infinite Campus sent notifications to affected parties following the data breach. The company's reported breach notification messages said an unnamed unauthorized actor accessed an employee's Salesforce account.

How Infinite Campus Responded

The company advised that the exposed data largely consisted of names and contact information for school staff. It also stated that the majority of the information is directory information commonly found on school websites, framing the exposure as less sensitive than a typical personal data breach.

Schools and staff connected to Infinite Campus should review the notifications they received for specific guidance tied to this incident.

Last month alone, ShinyHunters was connected to breaches of Charter Communications, Kemper Corporation, Ameriprise Financial, 7-Eleven Inc., Woflow Inc., and Vimeo.

Add a Comment
Related
Nintendo Data Breach: Hacker Claims Stealing Approximately 860 MB via TINYpulse Systems
Cyber Job Moves: From Boardroom Shifts to AI Security Bets, Cyber Firms Reshape Leadership | Week of June 14-20
Weekly Cybersecurity Roundup: Major Law Enforcement Takedowns, University Breaches, Deepfake Victims, and Romance Lures
Hacktivist Groups 4BID, Hakerskii Kit, and C.A.S. Broaden Attack Geography, Report Says
Whatsapp Privacy Issue
WhatsApp Disrupts New NSO Group Spyware Campaign, Files Contempt Order
Hacker - Spy - Laptop - Data
New PyPI Wave in Mini Shai-Hulud, Miasma, and Hades Campaign: 23 New Malicious PyPI Artifacts
Most Popular
Nintendo Data Breach: Hacker Claims Stealing Approximately 860 MB via TINYpulse Systems
Cyber Job Moves: From Boardroom Shifts to AI Security Bets, Cyber Firms Reshape Leadership | Week of June 14-20
Weekly Cybersecurity Roundup: Major Law Enforcement Takedowns, University Breaches, Deepfake Victims, and Romance Lures
Supply Chain Incidents Reveal the True State of Incident Response as Security, IT, and OT Teams Struggle to Assign Accountability 
ExpressAI Video Analysis Arrives With Gemma 4 31B Model
ExpressAI Adds Google's Gemma 4 31B Model, Bringing Video Analysis to Pro Users
How Microsoft Copilot Studio Creator Permissions Expand the Blast Radius of Prompt Injection Attacks
Nintendo Data Breach: Hacker Claims Stealing Approximately 860 MB via TINYpulse Systems
Cyber Job Moves: From Boardroom Shifts to AI Security Bets, Cyber Firms Reshape Leadership | Week of June 14-20
Weekly Cybersecurity Roundup: Major Law Enforcement Takedowns, University Breaches, Deepfake Victims, and Romance Lures
Supply Chain Incidents Reveal the True State of Incident Response as Security, IT, and OT Teams Struggle to Assign Accountability 
ExpressAI Adds Google's Gemma 4 31B Model, Bringing Video Analysis to Pro Users
How Microsoft Copilot Studio Creator Permissions Expand the Blast Radius of Prompt Injection Attacks

Most Popular
Nintendo Data Breach: Hacker Claims Stealing Approximately 860 MB via TINYpulse Systems
Cyber Job Moves: From Boardroom Shifts to AI Security Bets, Cyber Firms Reshape Leadership | Week of June 14-20
Weekly Cybersecurity Roundup: Major Law Enforcement Takedowns, University Breaches, Deepfake Victims, and Romance Lures
Supply Chain Incidents Reveal the True State of Incident Response as Security, IT, and OT Teams Struggle to Assign Accountability 
ExpressAI Video Analysis Arrives With Gemma 4 31B Model
ExpressAI Adds Google's Gemma 4 31B Model, Bringing Video Analysis to Pro Users
How Microsoft Copilot Studio Creator Permissions Expand the Blast Radius of Prompt Injection Attacks
Nintendo Data Breach: Hacker Claims Stealing Approximately 860 MB via TINYpulse Systems
Cyber Job Moves: From Boardroom Shifts to AI Security Bets, Cyber Firms Reshape Leadership | Week of June 14-20
Weekly Cybersecurity Roundup: Major Law Enforcement Takedowns, University Breaches, Deepfake Victims, and Romance Lures
Supply Chain Incidents Reveal the True State of Incident Response as Security, IT, and OT Teams Struggle to Assign Accountability 
ExpressAI Adds Google's Gemma 4 31B Model, Bringing Video Analysis to Pro Users
How Microsoft Copilot Studio Creator Permissions Expand the Blast Radius of Prompt Injection Attacks

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: