leaksear.ch has indexed 253,986 records from a Baker Distributing Company leak dated May 23, 2026, involving Salesforce and SharePoint data with customer and employee contact records, support tickets, and internal account metadata (leaksear.ch metadata). Baker Distributing says it provides HVAC, refrigeration, and foodservice equipment, parts, and supplies through more than 200 sales centers in 26 states (www.bakerdist.com).
What happened
Public reporting ties the incident to the ShinyHunters group. Have I Been Pwned says Baker Distributing was added to ShinyHunters' pay-or-leak site in May 2026 and that data claimed from Baker's SharePoint and Salesforce infrastructure was publicly published in early June; HIBP lists 102.9k affected accounts, a unique-email metric that differs from leaksear.ch's row-level index (haveibeenpwned.com).
Cybernews reported on June 5, 2026, and updated on June 17, 2026, that ShinyHunters posted Baker data after alleged negotiations failed, including Salesforce records and SharePoint documents; Cybernews also said it had contacted Baker for comment (cybernews.com). DeXpose separately reported a May 23, 2026 ShinyHunters claim involving more than 260,000 Salesforce records and a pay-or-leak deadline of May 27, 2026 (www.dexpose.io).
Public sources reviewed for this article describe an extortion-site data publication, but do not confirm the initial intrusion method. The exposure should not be read as a confirmed Salesforce or Microsoft SharePoint platform breach unless Baker, Salesforce, Microsoft, or investigators release additional findings.
What data was exposed
The leaksear.ch index describes customer and employee contact records, support tickets, names, email addresses, physical addresses, phone numbers, company and account metadata, and internal Salesforce identifiers (leaksear.ch metadata). Searchable fields in the indexed leak include address, country, date of birth, email, name, phone, and username, where present (leaksear.ch metadata).
Additional stored fields provide context from Salesforce-style cases, contacts, leads, and users. Those include account names, case numbers, case status, case comments, case origins, departments, titles, lead status, lead source, account ownership, timestamps, owner and role fields, bounced-email indicators, phone variants, mailing-address components, and source-file or source-row references (leaksear.ch metadata).
Public reporting is broadly consistent with that data profile: HIBP lists email addresses, names, phone numbers, physical addresses, and support tickets, while Cybernews reported employee records, sales leads, customer contact records, SharePoint documents, and support-ticket data (haveibeenpwned.com, cybernews.com).
Why this matters
The most immediate risk is targeted phishing against Baker customers, HVAC/R contractors, employees, and suppliers. Names, roles, account context, phone numbers, emails, addresses, and ticket details can make impersonation attempts more credible, especially if attackers reference real service issues or business relationships (leaksear.ch metadata).
Cybernews reported researchers warning that employee and client information could be used in targeted social engineering and that support tickets may reveal recurring technical issues (cybernews.com). Individuals should watch for account-recovery fraud, invoice or payment redirection attempts, and suspicious messages claiming to come from Baker support, sales, or account teams.
If you are a Baker Distributing customer, employee, lead, contractor, or supplier, check whether your email, name, phone number, username, address, country, or date of birth appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, name, phone, and username.
Sources
- Baker Distributing: About Baker Distributing HVAC, Refrigeration and Foodservice equipment parts and supplies distributor
- Have I Been Pwned: Baker Distributing Data Breach
- Cybernews: Hackers publish hundreds of thousands of Salesforce records from Baker Distributing
- DeXpose: ShinyHunters Breach Baker Distributing Company