An Alert 360 dataset indexed by leaksear.ch contains 1,905,385 records leaked by ShinyHunters in April 2026, including Alarm.com dealer customer records and Salesforce exports tied to the U.S. home and business security provider (leaksear.ch metadata). Alert 360 later said an April 4, 2026 unauthorized access incident exposed names, email addresses, mailing addresses, and phone numbers, while public reporting on ShinyHunters claimed a larger 2.5 million-record dump (alert360.com, cybernews.com).
What happened
Alert 360 published a company statement on May 4, 2026 saying it was the victim of unauthorized access to company systems on April 4, 2026, that it used third-party cybersecurity forensics experts, and that it took steps to contain, investigate, and resolve the issue (alert360.com). The company said no Social Security numbers, bank account information, credit or debit card data, security system access credentials, or alarm codes were compromised, and said customers' security systems remained operational (alert360.com).
Cybernews reported that ShinyHunters listed Alert 360 on its leak site and claimed to have dumped 2.5 million records after ransom talks broke down, while also noting at the time that the exact compromise path and exposed data types were not confirmed by the outlet (cybernews.com). The leaksear.ch indexing metadata describes the indexed leak as 1,905,385 records with a breach date of April 19, 2026, attributed to ShinyHunters, and containing Alarm.com dealer customer records plus Salesforce exports for objects including Contacts, Leads, Emergency Contacts, Users, Accounts, Opportunities, and Cases (leaksear.ch metadata).
The Salesforce context is important but should not be overstated for this specific leak. Salesforce warned in March 2026 that a known threat actor campaign was targeting overly permissive Experience Cloud guest user configurations, said the issue was not a Salesforce platform vulnerability, and described mass scanning of public-facing Experience Cloud sites using a modified Aura Inspector tool (salesforce.com). BleepingComputer reported that ShinyHunters claimed responsibility for ongoing Salesforce Aura and Experience Cloud data theft attacks, while Salesforce continued to characterize the issue as customer configuration risk rather than a platform flaw (bleepingcomputer.com).
What data was exposed
The leaksear.ch-indexed Alert 360 records are searchable by address, country, date of birth, email, name, phone, and username (leaksear.ch metadata). The broader field inventory includes customer and account context such as account numbers, account names, customer IDs, contact and lead IDs, case numbers, opportunity records, billing, mailing, shipping and other address fields, phone and mobile fields, job titles, departments, lead status, case status, service package, panel type, device and monitoring-related fields, and emergency contact record context (leaksear.ch metadata).
Alert 360's public statement confirms access to names, email addresses, mailing addresses, and telephone numbers, and says Social Security numbers, bank account information, credit or debit card data, security system access credentials, and alarm codes were not compromised (alert360.com).
Why this matters
The main risk is targeted phishing, vishing, and impersonation using contact details combined with security-provider account context. Alert 360 specifically warned individuals to remain vigilant against phishing attempts, unsolicited communications, and suspicious requests for personal information (alert360.com). Salesforce also warned that names and phone numbers harvested in similar Experience Cloud activity are often used for follow-on social engineering and vishing campaigns (salesforce.com). Individuals and organizations that may have dealt with Alert 360, Alarm.com dealers, installers, or related monitoring services should check whether their data appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, name, phone, and username.