- Infinite Campus hit by ShinyHunters via a Salesforce account breach
- Staff names and contact information were stolen; customer data is not affected
- The group added the company to its leak site and demanded a ransom by March 25, amid a broader campaign targeting Salesforce
Popular student information system (SIS) Infinite Campus has confirmed that it suffered a data breach at the hands of the infamous ShinyHunters group, which is now trying to extort money from the company.
In a data breach notification letter, shared with affected individuals and later posted on Reddit, Infinite Campus said that an unauthorized actor accessed an employee’s Salesforce account on March 18, 2026, but was quickly blocked after IT and security teams were alerted.
However, before they were expelled, the attacker managed to obtain the names and contact information of school staff. Infinite Campus says most of the data they obtained “is commonly found on school websites” and that customer information was not hacked or stolen.
ShinyHunters takes the blame
While the organization did not name the perpetrators, it did say they are a “known group.” That didn’t stop the attackers from reaching out and trying to extort money from the organization. “Infinite Campus has not and will not engage with the unauthorized actor,” it said, before adding that it disabled some customer support services for users without IP addresses.
own to target the Salesforce accounts of hundreds of companies,” which hints at ShinyHunters.
At the same time, the group added Infinite Campus to its data leak site, setting a payment deadline of March 25, 2026, after which it said it would release all stolen files on the dark web.
They claim to have taken Salesforce records containing personally identifiable information (PII) and various internal corporate data.
ShinyHunters has been running campaigns against Salesforce clients for several months, including Cisco, Adidas, Qantas and Allianz Life.
In these attacks, the group uses voice phishing (vishing) to trick employees into granting access, or steals OAuth tokens, and then uses that access to exfiltrate CRM data. The data is then offered back in exchange for Bitcoin or Monero.
Via BleepingComputer




