ShinyHunters breached SoundCloud in December 2025. On January 23, 2026, they leaked the data and confirmed active voice phishing campaigns against Okta, Microsoft Entra, and Google accounts.
This episode breaks down their technique. Attackers call employees posing as IT support. They run real-time phishing kits that capture credentials and MFA prompts while the victim stays on the line. Crunchbase and Betterment fell to this method.
You will learn:
How ShinyHunters weaponizes stolen data from prior breaches to make social engineering calls more convincing
Why traditional MFA fails when attackers coach victims through approval in real time
Three specific defenses your organization needs to implement today
The breach-to-breach pattern that makes each attack more effective than the last
One breach feeds the next attack. Your defenses need to account for this reality.
Contact: trevor.wiseman@thecircuitllc.com
