Crunchbase Hacked: Company confirms January 2026 data breach after ShinyHunters leak millions of records

Crunchbase has joined a growing list of high-profile tech platforms caught in a widening cybercrime campaign.

The market intelligence firm confirmed that it was hacked in January 2026, after the cybercriminal group ShinyHunters published samples of data it claimed were stolen from Crunchbase’s internal systems, per SecurityWeek. The disclosure sent ripples across the startup, investor, and sales communities that rely on Crunchbase data as a daily reference point.

The notorious ShinyHunters cybercrime group alleges it accessed more than 2 million Crunchbase records and published roughly 400 MB of compressed data after the company refused its ransom demand, SecurityWeek reported.

The breach surfaced after ShinyHunters posted files on its dark web leak site, following what the group described as failed ransom negotiations. Security researchers say the material appears authentic. Reports from outlets including SecurityWeek, Security Affairs, and The Register indicate that more than 2 million records may have been taken, packaged in a compressed archive of roughly 400 MB. The exposed data reportedly includes employee records, contracts, internal corporate documents, and other sensitive materials. Hudson Rock CTO Alon Gal reviewed samples of the leak and supported the claim that the files originated from Crunchbase systems.

Crunchbase acknowledged the incident in a statement, confirming that a threat actor gained access to its corporate network and removed certain documents. The company said the intrusion did not disrupt business operations and that the affected systems have since been secured. Crunchbase added that it brought in external cybersecurity specialists, alerted federal law enforcement, and is reviewing the data involved to determine whether notifications to users or regulators are required.

“Crunchbase detected a cybersecurity incident where a threat actor exfiltrated certain documents from our corporate network. No business operations have been disrupted by this incident. We have contained the incident, and our systems are secure,” Crunchbase told SecurityWeek in a statement.

The company added:

“Upon detecting the incident we engaged cybersecurity experts to assist us and we contacted federal law enforcement. Crunchbase is aware that the threat actor posted certain information online. As part of our incident response procedures we are reviewing the impacted information to determine if any notifications are required consistent with applicable legal requirements.”

Investigators link the attack to a broader ShinyHunters campaign focused on voice phishing targeting Okta single sign-on credentials. The group has tied similar techniques to recent breaches at other major platforms, including SoundCloud and Betterment. In those cases, tens of millions of records were exposed. ShinyHunters has suggested that additional victims exist, claiming there are “a lot more” targets tied to the same effort.

ShinyHunters has operated since around 2020 and has built a reputation for large-scale data theft followed by extortion attempts. The group often relies on compromised credentials, social engineering, and weak identity controls. If demands go unpaid, stolen data is typically published or sold. The Crunchbase incident closely follows that pattern.

The stakes extend well beyond a single company. Crunchbase functions as infrastructure for the startup economy, feeding deal sourcing, sales prospecting, competitive research, and due diligence workflows across thousands of organizations. Exposure of internal documents or proprietary datasets opens the door to impersonation attacks, targeted phishing aimed at founders and investors, and leaks of sensitive competitive signals. Trust erosion poses another risk for platforms built on paid access to structured intelligence.

Crunchbase Data Breach Raises Alarms Across the Startup and VC Ecosystem

For startups and enterprises that depend on third-party data providers, the breach highlights a familiar but unresolved problem. Vendor platforms often become quite security-dependent. Internal safeguards may hold firm, yet a partner’s compromise can still create downstream risk.

The incident adds pressure on data brokers and identity providers at a moment when social engineering attacks are growing more convincing and more persistent. Review of access controls, closer monitoring of authentication behavior, and stronger verification around SSO accounts are becoming baseline expectations rather than optional upgrades.

As investigators continue to assess the scope of the breach, more details may emerge about what data was accessed and who may be affected. For the tech ecosystem, the message is already clear. Platforms that trade in information have become high-leverage targets, and the impact of a breach can travel far beyond the company at its center.

Crunchbase began as a TechCrunch project in 2007 before spinning out as an independent company in 2015, later becoming a core data source for startups, investors, and sales teams.