This leaksear.ch source covers 84,818 indexed Charter Communications records tied to an April 1, 2026 Salesforce data exfiltration attributed to ShinyHunters, including customer contact details, sales and CRM cases, support tickets, and internal Spectrum employee directory entries (leaksear.ch metadata). The dataset sits within a broader publicly reported Charter incident in which Have I Been Pwned lists 4.9 million affected email addresses, while Charter has disputed claims that sensitive personal information or CPNI was taken (haveibeenpwned.com, www.bleepingcomputer.com).
What happened
ShinyHunters claimed it compromised an employee Microsoft Entra account through voice phishing on April 1, 2026, then used that access to export data from Charter's Salesforce instance (www.bleepingcomputer.com). Charter did not attribute the attack in public reporting reviewed here; the company said it was following security protocols, working with authorities, and that sensitive PI or CPNI was not exfiltrated (www.bleepingcomputer.com, cybernews.com).
Public scale reporting has varied. ShinyHunters claimed tens of millions of records, Cybernews reported at least 13 million exposed individuals and nearly 10 million support ticket records, and Have I Been Pwned lists 4.9 million unique email addresses plus an approximately 85,000-record internal employee directory subset with job titles (cybernews.com, haveibeenpwned.com). Those public figures are distinct from the 84,818 records indexed in this leaksear.ch source (leaksear.ch metadata).
What data was exposed
The leaksear.ch metadata lists name, email, phone, country, and address as searchable fields in the indexed Charter dataset (leaksear.ch metadata). The same metadata describes exposed customer contact details, sales and CRM cases, support tickets, and internal Spectrum employee directory entries (leaksear.ch metadata).
Stored non-searchable context fields include business unit, department, desk phone, location code, management area, preferred name fields, job title, UUID, and image path fields (leaksear.ch metadata). Public sources separately report names, email addresses, phone numbers, physical addresses, and job titles in the broader Charter breach, with Cybernews also reporting support ticket subjects, timestamps, customer emails, and phone numbers in the posted data (haveibeenpwned.com, cybernews.com).
Why this matters
Contact details combined with workplace context can support targeted phishing, vishing, support impersonation, and business email compromise pretexts. For enterprise customers and employees, department names, job titles, desk phones, and support ticket context can help attackers make fraudulent outreach look more credible. Charter has disputed claims that CPNI or sensitive PI was exfiltrated, so affected parties should separate confirmed contact and directory exposure from threat-actor claims about additional telecom data (www.bleepingcomputer.com). If you are a Charter or Spectrum customer, employee, or enterprise contact, check whether your name, email, phone, country, or address appears in this leak before responding to unsolicited account or support messages.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, email, name, and phone.
Sources
- BleepingComputer: Charter confirms data breach after ShinyHunters extortion threat
- BleepingComputer: Charter Communications data breach affects 4.9 million accounts
- Have I Been Pwned: Charter Data Breach
- Cybernews: Inside the Charter data breach: hackers leak 13M+ customer data
- Techlicious: Charter confirms Spectrum data breach: 13 million customers exposed