VYPR
Breach · Published Apr 28, 2026 · Updated May 18, 2026 · 1 source

Pitney Bowes Breach Exposes 8.2M Records via ShinyHunters Phishing Attack

ShinyHunters has leaked 8.2 million unique email addresses, names, phone numbers, and physical addresses from logistics tech firm Pitney Bowes, with the breach confirmed by Have I Been Pwned on April 27, 2026.

Logistics technology company Pitney Bowes, best known for its franking machines and shipping software, has become the latest victim of the prolific cybercrime collective ShinyHunters. The group leaked 8.2 million unique email addresses alongside names, phone numbers, and physical addresses, with data breach tracker Have I Been Pwned (HIBP) confirming the authenticity of the dump on April 27, 2026. A smaller subset of the stolen data also included company employment records with job titles.

Pitney Bowes, which serves more than 600,000 clients worldwide and reported $1.9 billion in revenue in 2025, stated that the intrusion originated from a phishing attack that compromised an employee email account on April 9. The attackers leveraged that access to reach records in the company's Salesforce customer relationship management environment. The company said it immediately secured the environment, revoked the compromised access, and engaged cybersecurity experts and law enforcement.

In a statement to The Register, Pitney Bowes confirmed that the affected records relate to business customer accounts and contacts. The company emphasized that its investigation found no evidence that the activity extended into other Pitney Bowes systems, and no indication that sensitive personal data was accessed. It has notified affected business customers directly and implemented additional access controls, expanded monitoring, and targeted employee training.

ShinyHunters has been on a remarkable spree in recent weeks, with HIBP tracking and verifying the group's claims as they land. Confirmed cases include Grand Theft Auto developer Rockstar Games and physical security giant ADT. In just the past week, the collective has claimed responsibility for attacks on Udemy, Carnival Cruises, and the Asian Football Confederation, allegedly leaking tens of thousands of professional footballers' personal information and document scans.

The group previously told The Register in March that it accessed data belonging to nearly 400 companies via a Salesforce breach. ShinyHunters was also partly behind the sprawling attacks on Salesloft Drift last year, working in tandem with other crime crews as Scattered Lapsus$ Hunters, and behind attacks on hundreds more Salesforce customers later in 2025.

The Pitney Bowes incident underscores the persistent threat posed by phishing attacks targeting employee credentials, even at large enterprises with substantial security resources. The breach also highlights the cascading risk of compromised SaaS platforms like Salesforce, which serve as centralized repositories for customer and partner data. As ShinyHunters continues to operate a pay-or-leak extortion model, organizations are urged to enforce multi-factor authentication, monitor for anomalous access to CRM systems, and conduct regular phishing simulations.

Synthesized by Vypr AI