Emerging ThreatsData Breaches

Kodak Breach Exposes Sensitive Data After ShinyHunters Hack

Analyst 207||Source: BleepingComputer
Institutional building entrance with subtle tech elements, hinting at digital breach.
"Kodak recently discovered that an unauthorized third party illegally gained temporary access to a limited amount of company data. We promptly engaged external cybersecurity experts to support an investigation of what data was accessed and copied," the company said.

Kodak's public statement and immediate steps

Kodak acknowledged a security incident and said it has engaged external cybersecurity experts to investigate what was accessed and copied. The company told BleepingComputer that attackers only accessed a "limited amount" of data. Kodak also said it is "working with law enforcement and are confident there is no threat to our systems or operations" and that it "will share additional updates as appropriate." A company spokesperson did not answer a follow-up question from BleepingComputer asking whether the incident involved a breach of Kodak's internal network.

The company highlighted its long corporate history and scale in the same notice: founded in 1880 as the Eastman Kodak Company, headquartered in Rochester, New York, Kodak holds 79,000 worldwide patents and provides commercial print, advanced materials, and chemical products. Those facts frame why any breach of customer or internal data carries operational and reputational weight for the firm.

ShinyHunters' claim, scope, and deadline

The extortion group ShinyHunters has claimed responsibility for the incident on its dark web leak site. The gang said it had "allegedly stole over 2.2 million records containing customer PIl and other internal corporate data" and issued a deadline tied to a threat to publish the material. "This is a final warning to reach out by 18 June 2026 before we leak along with several annoying (digital) problems that'll come your way," the message said, and the group warned that it would leak the exfiltrated data on Thursday.

Kodak has not publicly attributed the incident to ShinyHunters. The company has described the amount of data accessed as "limited" and has said it is investigating what was accessed and copied.

Connections to other breaches and third-party platforms

ShinyHunters' claim comes with broader assertions about its activity. The gang said it has targeted "hundreds of Salesforce customers over the past year," claiming thefts of more than 1.5 billion records in campaigns it described as involving "Salesforce Aura and Salesloft Drift." The group has also been linked, according to the claim, to breaches at more than a dozen Snowflake customers and "various other third-party integration providers."

Separately, the group said that, a week earlier, it had carried out a new series of breaches at over 100 organizations — specifically naming the University of Nottingham among the victims — by exploiting a zero-day flaw in Oracle's PeopleSoft enterprise business software suite. Those broader claims, as set out on the group's leak site, position the Kodak allegation within a string of high-volume assertions about data theft through third-party or enterprise software vectors.

What this means for technologists, customers, and law enforcement

  • Technologists and security teams: Kodak's engagement of external cybersecurity experts and the company's statement that it is working with law enforcement will focus questions internally on containment, forensic analysis to determine the extent of copied data, and the effectiveness of existing detection tools — a concern echoed by a Picus whitepaper cited in the reporting that says security teams log 54% of successful attacks and alert on just 14%.
  • Kodak customers and commercial partners: Any claim of 2.2 million compromised records raises immediate questions about whether customer PII was part of the "limited amount" Kodak described and whether affected parties will be notified, given the extortion timeline ShinyHunters published.
  • Law enforcement and investigators: Kodak's confirmation that it is "working with law enforcement" signals parallel investigative work; the ShinyHunters deadline of 18 June 2026 gives investigators a narrow window to determine attribution and mitigate any planned data publication.

The facts in hand paint a narrow but urgent picture: Kodak confirms a temporary, unauthorized access and has mobilized outside cyber advisers and law enforcement; a cybercriminal group with a public history of large-scale claims is publicly threatening to publish more than 2.2 million records unless contacted by 18 June 2026. Kodak says it believes its systems and operations are not threatened, but the company has not yet answered a question about whether its internal network was breached. The coming hours — and any updates Kodak provides — will show whether the intrusion is limited to a discrete data set or part of a broader campaign that aligns with ShinyHunters' recent assertions.

Original reporting: https://www.bleepingcomputer.com/news/security/kodak-confirms-data-breach-claimed-by-shinyhunters-extortion-gang/

Data BreachEmerging ThreatsRansomwareShinyhuntersSupply ChainThird-Party RiskKodak Breach
Related Intelligence

Continue Reading

Person typing on a keyboard with a blank laptop screen in front, face turned away.

Prinz Eugen Ransomware Targets Critical Files in Hands-On Attacks

Meet Prinz Eugen, a sneaky ransomware that uses hands-on tactics to target critical files, evading detection by deliberately leaving no ransom note behind. Its operators use stolen RDP credentials and remote monitoring tools to manually infiltrate and take control of systems.

Analyst 207
Financial sector setting with technology integration and cityscape in background.

Microsoft attributes Mastra AI supply chain attack to North Korean hackers Sapphire Sleet

Microsoft warns that a recent supply chain attack on the Mastra AI npm environment was carried out by Sapphire Sleet, a notorious North Korean hacking group known for targeting the financial sector. This latest incident is part of a larger pattern of attacks that exploit open-source distribution channels.

Analyst 207
WordPress dashboard screen with a highlighted API key field and a warning symbol nearby.

Hackers Exploit Gravity SMTP Plugin Bug to Expose API Keys

Malicious hackers are racing to exploit a vulnerability in the Gravity SMTP plugin, which has been installed on around 100,000 WordPress sites, to get their hands on sensitive API keys. Over 17 million exploit attempts have already been blocked by Wordfence, highlighting the urgent need for site owners to update to version 2.1.5.

Analyst 207
Rows of network equipment and devices on racks in a dimly lit, empty server room.

Credential Attacks Target Fortinet, Sophos, MSSQL Devices in Large-Scale Campaign

A large-scale password spraying and credential theft campaign, dubbed "FortiBleed," is targeting Fortinet devices, with attempts also seen against MSSQL services and Sophos devices, warns Unit 42. This coordinated attack has sparked concerns over widespread credential attacks.

Analyst 207