leaksear.ch has indexed 37,501,677 records tied to Charter Communications, the parent company of Spectrum, from an April 1, 2026 ShinyHunters breach of the company Salesforce environment (leaksear.ch metadata) (www.bleepingcomputer.com). The indexed data includes customer and business contacts, CRM and support case data, and internal employee directory fields, while public reporting has separately measured 4.9M unique email addresses and at least 13M exposed individuals after deduplication (haveibeenpwned.com, cybernews.com).
What happened
BleepingComputer reported on May 26, 2026 that Charter confirmed a data breach after ShinyHunters listed the company on its leak site and threatened to publish stolen data. Charter said it was working with authorities and stated that no sensitive personal information or customer proprietary network information was exfiltrated, while ShinyHunters claimed it had stolen 40M records (www.bleepingcomputer.com).
According to the same reporting, ShinyHunters said the April 1 intrusion began with a voice phishing call that compromised an employee Microsoft Entra account, then was used to export consumer and business customer records from Charter Salesforce. SecurityWeek later reported that the data was published on the group Tor-based leak site and that Charter said only sales tools for current, past, and prospective business customers were impacted (www.bleepingcomputer.com, www.securityweek.com).
Record counts remain contested: the threat actor claimed 40M to 42M records, Have I Been Pwned listed 4.9M unique email addresses, Cybernews estimated at least 13M individuals and noted duplicate records, and leaksear.ch indexing metadata lists 37.5M records (haveibeenpwned.com, cybernews.com, www.securityweek.com) (leaksear.ch metadata).
What data was exposed
leaksear.ch metadata lists searchable fields including names, email addresses, phone numbers, usernames, physical addresses, country, dates of birth, and IP addresses (leaksear.ch metadata). Stored record context also includes sales and CRM cases, support and service tickets, contact and account IDs, account owner and role data, customer and business account numbers, billing, shipping, site and mailing address fields, company names, lead sources, case subjects and timestamps, and internal employee directory attributes such as employee numbers, job titles, departments, managers, work locations, phone extensions, and active status (leaksear.ch metadata).
Public reports align on the core contact data. Have I Been Pwned lists email addresses, job titles, names, phone numbers, and physical addresses, while Cybernews reported full names, email addresses, home and company addresses, support ticket records with subjects and timestamps, customer email addresses and phone numbers, and staff work emails, job titles, and a limited number of home addresses (haveibeenpwned.com, cybernews.com).
Charter disputed ShinyHunters claims that CPNI or sensitive personal information was exfiltrated, so CPNI exposure should be treated as unconfirmed based on current public reporting (www.bleepingcomputer.com, www.securityweek.com).
Why this matters
CRM leaks are useful for targeted phishing because they tie contact data to company, job, account, support, and service context. For business customers and employees, support-ticket and directory details can make impersonation attempts more credible, especially calls or emails pretending to be Spectrum, a customer contact, an account owner, or internal IT. Security teams should review inbound phishing and vishing reports, warn exposed groups, and monitor for account recovery attempts that use leaked contact details. If you are a current or former Spectrum customer, Charter employee, or business contact, use the exposure check below to see whether your email, phone, name, username, address, date of birth, country, or IP address appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, ip address, name, phone, and username.
Sources
- BleepingComputer: Charter confirms data breach after ShinyHunters extortion threat
- Have I Been Pwned: Charter Data Breach
- Cybernews: Inside the Charter data breach: hackers leak 13M+ customer data
- SecurityWeek: Charter Communications Data Breach Could Impact Nearly 5 Million
- Techlicious: Charter confirms Spectrum data breach: 13 million customers exposed