ShinyHunters’ 22-Year-Old Member Pleads Guilty to Cyber Extortion, Causing $6 Million in Damage

Estimated read time 2 min read


How safe is your company from phishing attacks? A 22-year-old French citizen recently pleaded guilty1 in the United States for his role in a criminal group known as ShinyHunters. The group targeted dozens of companies and extorted them using stolen customer data, leading to damages of approximately $6 million.

How ShinyHunters Operated

The French hacker was skilled in creating phishing websites2, replicating the login pages of targeted companies. Isn’t it alarming how easy it is for criminals to clone legitimate websites? Employees were then tricked into logging into these fake pages via phishing emails.

Once victims entered their credentials, the data was sent back to ShinyHunters. With these login details in hand, the group members accessed various accounts to dig for additional data and credentials.

Accessing Cloud Storage and More

Don’t you think it’s time to reconsider the security of third-party services? The criminals were able to gain entry into cloud storage services, third-party service providers, and company networks. Here, they stole even more sensitive data, proving that the breach of a single account can have a domino effect3.

Extortion and Public Threats

If companies did not pay the ransom, ShinyHunters threatened to release the stolen data publicly. We believe this highlights the urgency for companies to strengthen their cyber defenses. According to the indictment, the attacks led to the theft of hundreds of millions of customer records.

Legal Consequences

The French hacker was arrested last year in Morocco and was extradited to the U.S. earlier this year. He faces a maximum prison sentence of nearly 30 years. However, he has struck a plea deal, which will likely result in a reduced sentence.

Questions Answered

  • How did ShinyHunters operate? Through phishing websites and emails to steal credentials.
  • What did they do with the stolen data? Used it for extortion and threatened public exposure.
  • What are the legal consequences for the French hacker? A maximum prison sentence of nearly 30 years, possibly reduced due to a plea deal.


  1. ↩︎
  2. ↩︎
  3. ↩︎
Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author

+ There are no comments

Add yours