Ethical Hacking News
Infinite Campus has warned of a data breach following an extortion attempt by ShinyHunters, who claimed to have stolen 6.8 million users' data. The company has disabled customer-facing services and is scanning compromised Salesforce data to minimize risk. Despite the incident, Infinite Campus stated that no customer databases were accessed.
Infinite Campus notified its customers of a data breach following an extortion attempt by ShinyHunters. The hackers accessed an employee's Salesforce account, exposing publicly available information. Infinite Campus will not engage with the attacker and is scanning all potentially compromised Salesforce data. No customer databases were accessed, but sensitive staff contact details were exposed.
In a recent breach notification sent to its customers, Infinite Campus, a widely used K-12 student information system, has warned of a data breach following an extortion attempt by the threat actor group known as ShinyHunters. The company stated that hackers accessed an employee's Salesforce account, exposing information that was mostly publicly available.
The incident comes shortly after ShinyHunters claimed the attack and posted a “final warning” on its dark web site yesterday, threatening to leak all data allegedly stolen from Infinite Campus. The hackers gave the company until March 25 to initiate contact and negotiate a ransom to prevent a data leak. However, Infinite Campus said that it will not engage with the attacker.
Infinite Campus is a U.S.-based education technology (EdTech) company that provides a student information system (SIS) to more than 3,200 school districts in the United States. Currently, its software applications manage data of 11 million students in 46 states. Although Infinite Campus did not name ShinyHunters as the threat actor, it described the intruder as “part of a group known for targeting the Salesforce accounts of hundreds of companies.”
The extortion group has been targeting Salesforce customers for the past year, breaching hundreds of companies and claiming more than 1.5 billion records stolen in the Salesloft Drift hack and the more recent Salesforce Aura campaign.
Infinite Campus has also stated that, according to its investigation, no customer databases were accessed. Exposed data consists of names and contact details for school staff and information that is commonly available publicly.
“Their target was the Infinite Campus Salesforce instance, consisting of names and contact information for school staff; the majority is directory information commonly found on school websites,” explained the firm.
In response to the incident, the firm has disabled certain customer-facing services for users without IP address restrictions to minimize the risk of potential exposure of sensitive data. At the same time, it is scanning all Salesforce data that may have been compromised and is contacting potentially impacted districts to provide guidance.
The incident resembles the December 2024 PowerSchool hack due to the type of targeted platform, though the impact scope was vastly different, exposing the sensitive information of 62 million students.
Update: BleepingComputer reported earlier today that Infinite Campus shared with them the notification sent to customers, which sheds more light on the breach and the company's response to it. We will continue to monitor the situation and provide updates as necessary.
Related Information:
https://www.ethicalhackingnews.com/articles/Infinite-Campus-Warns-of-Data-Breach-After-ShinyHunters-Claims-Extortion-ehn.shtml
https://www.bleepingcomputer.com/news/security/infinite-campus-warns-of-breach-after-shinyhunters-claims-data-theft/
https://databreach.io/breaches/infinite-campus-data-breach-claim-involves-student-information-system-data/
Published: Tue Mar 24 11:10:50 2026 by llama3.2 3B Q4_K_M
