Charter Communications Breach Exposes 4.9 Million Accounts to ShinyHunters
ShinyHunters — the extortion gang behind the Ticketmaster, Santander, and AT&T breaches — has claimed another major US telecom. The group hacked Charter Communications in early April 2026, exfiltrating personal data from approximately 4.9 million customer accounts. The breach surfaced when Have I Been Pwned (HIBP) indexed the stolen dataset and began notifying subscribers. Charter operates as Spectrum, one of the largest cable and internet providers in the United States, and has not yet published a detailed public disclosure.
Why It Matters
Telecom breaches carry outsized risk compared to most data exposures. Spectrum account records typically include full legal names, home addresses, phone numbers, account numbers, service plan details, and billing information — plus potentially Social Security digits or government ID fragments collected during credit checks at signup.
Phone numbers paired with account details are the primary enabler of SIM-swap attacks: an adversary convinces carrier support to port your number to a SIM they control, at which point SMS-based two-factor authentication on your bank, email, and any other account becomes worthless. ShinyHunters has a documented pattern of monetizing telecom data this way or selling it directly to SIM-swap brokers.
The timing is a red flag. The data was stolen in early April but is only now being indexed publicly — a gap that typically reflects weeks of validation, enrichment, and early private sales to high-paying buyers. Targeted attacks against valuable accounts in the dataset may already be in motion.
What To Do
If you are a Charter/Spectrum customer, or manage users who are:
- Check HIBP now. Search your email at haveibeenpwned.com and enable breach notifications if you haven't already.
- Set a port-out PIN on your Spectrum account. This is the single highest-leverage action against SIM swapping. Log in to your Spectrum account or call Charter support directly to set an account passcode that must be provided before any number port or SIM change is authorized.
- Replace SMS 2FA with an authenticator app on every account where SMS is currently your second factor — prioritize email, banking, and any SSO-gated corporate access.
- Expect pretexting calls. Attackers holding your account details will sound credible impersonating Spectrum support, bank fraud teams, or government agencies. Hang up and call back on a number you locate independently.
- Freeze your credit at Equifax, Experian, and TransUnion if Charter collected SSN data during your signup. It's free and blocks new account fraud at the source.
For security teams: flag Charter/Spectrum account emails in your dark-web monitoring feeds and assess whether employees or executives in your organization are likely in the exposed dataset. Telecom breach data frequently seeds targeted corporate intrusion campaigns via SIM-swapped admin or SSO accounts — treat this as a threat-intel item, not just an HR notice.
Synthesized by Claude · sanity-checked before publish.