Moody Bible Institute Breach Exposes 2.3 Million Accounts to ShinyHunters
The ShinyHunters extortion group has leaked data belonging to over 2.3 million individuals associated with the Moody Bible Institute (MBI), including names, contact details, and personal identifiers.

The Moody Bible Institute (MBI) has become the latest victim of the prolific ShinyHunters extortion group, with data belonging to over 2.3 million individuals now exposed online. The Christian college first disclosed a breach in June, and the stolen information was subsequently leaked by the cybercriminal collective. The exposed data, which includes sensitive personal details of students, alumni, and donors, has been added to the Have I Been Pwned breach notification database, bringing the scale of the incident into sharp focus.
ShinyHunters, known for its pay-or-leak tactics, has targeted numerous organizations throughout 2026. While MBI has not publicly confirmed whether it engaged in negotiations with the attackers, the public leak suggests that the group's extortion demands were not met. The data made available for download on June 23rd contains a comprehensive set of personal information, including names, genders, dates of birth, physical and email addresses, phone numbers, and marital statuses. Crucially, the breach also encompasses sensitive documents related to donor relations, MBI's supporters, students, and alumni.
MBI's technical team reportedly addressed a vulnerability shortly after the breach was detected and engaged external cybersecurity experts to manage the incident response. In a statement following the initial disclosure, the institution urged those affiliated with MBI to remain vigilant, monitor their accounts, and utilize free credit freezes and fraud alerts while the investigation proceeded. The organization also invoked faith, stating, "We are confident that God remains sovereign over every circumstance, and we trust Him to grant wisdom and discernment as we navigate this situation together."
Founded in 1886, MBI is a significant institution with multiple operations. Its primary entity is its university, offering undergraduate, graduate, and online courses for individuals pursuing ministry work, alongside aviation programs with a theological component. Over its history, MBI has educated more than 250,000 students. Beyond its academic offerings, MBI also operates Moody Radio, a Christian broadcasting network, and a publishing division focused on Christian literature.
The ShinyHunters group has been a persistent threat, with its leak site listing 86 victims since the beginning of the year, though the actual number is likely higher due to victims who pay ransoms to avoid public exposure. The group has previously been linked to high-profile attacks against major companies such as Salesforce, Carnival, and Pitney Bowes. They have also claimed responsibility for a widespread Oracle PeopleSoft campaign affecting over 100 organizations, and cited a PeopleSoft breach in connection with their attack on MBI.
Earlier in the year, national security alerts were issued regarding ShinyHunters following their attack on the learning platform Canvas, which compromised the data of an estimated 275 million students. This latest incident involving Moody Bible Institute underscores the broad reach and persistent threat posed by this well-established extortion group, highlighting the vulnerability of educational and religious institutions to sophisticated cyberattacks.
The newly published data includes a more granular breakdown of the personally identifiable information (PII) exposed, such as dates of birth, marital statuses, and physical addresses, in addition to names and email addresses. This expanded dataset significantly increases the risk of identity theft and highly targeted social engineering attacks against the affected individuals, who comprise donors, supporters, students, and alumni.