High

ZenBusiness Breach: 5.1M Records Exposed (2026)


Overview

In March 2026, the hacker group “ShinyHunters” claimed to have breached ZenBusiness, a business formation and compliance platform. After ZenBusiness reportedly did not pay a ransom demand, the group publicly released the stolen data in April 2026. The breach compromised approximately 5.1 million unique email addresses, alongside names and phone numbers, extracted from cloud platforms including Snowflake, Mixpanel, and Salesforce. The data set contained terabytes of information across thousands of files, spanning leads, support records, and CRM data. This incident has been cataloged on Have I Been Pwned, confirming the scale of the exposure.

What Was Exposed

The compromised data included:

  • Email Addresses (5,118,184 unique records)
  • Names (often associated with email addresses)
  • Phone Numbers (often associated with email addresses)

The data was sourced from multiple internal systems, meaning some records may contain all three data points while others may only include an email address. No financial data, passwords, Social Security numbers, or banking details were confirmed as exposed in the publicly leaked data set.

Potential Impact

This breach presents several risks due to the combination of contact information:

  • Phishing and Smishing: Attackers can use your real name and phone number to craft highly convincing emails or SMS scams impersonating ZenBusiness. A victim may be tricked into clicking on malicious links by authentic-looking messages.

  • Social Engineering: Combined with your email and phone number, a name allows fraudsters to call or text victims pretending to be support staff. They may ask for additional information like Social Security numbers or bank account details.

  • Account Takeover Attempts: While passwords were not leaked, attackers may use the email addresses in credential stuffing attacks, trying common password combinations across other services. If you reused passwords, your other accounts are at risk.

  • Swatting and Doxxing: With a real name and phone number, determined attackers can locate physical addresses and harass victims.

Recommendations

Based on the exposed data types, take these actions:

  1. Enable Multi-Factor Authentication (MFA): Since email addresses are exposed, secure your ZenBusiness account and any linked services. Use an authenticator app (like Google Authenticator) rather than SMS-based MFA.

  2. Be Vigilant Against Phishing: Watch for emails or texts claiming to be from ZenBusiness. Hover over links before clicking. Contact ZenBusiness directly through their verified support channel if you receive suspicious messages.

  3. Change Passwords: Update your ZenBusiness password and change passwords on any other accounts where you use the same or similar credentials. Create strong, unique passwords using a password manager.

  4. Monitor for Identity Theft: While no SSNs were exposed, your email and phone number are building blocks for identity theft. Consider freezing your credit with the three major bureaus (Experian, Equifax, TransUnion) to prevent new account openings.

  5. Review Account Activity: Log into ZenBusiness to check for unauthorized changes to your account details or recent activity you don’t recognize.

How to Check If You’re Affected

You can verify if your email address was compromised by visiting Have I Been Pwned’s ZenBusiness breach page. Enter your email address to see if it appears in the leaked data set. If it does, follow the recommendations above immediately, especially enabling MFA and changing passwords.

Security Insight

This breach follows a familiar pattern: ShinyHunters has previously targeted third-party data platforms like Snowflake and Salesforce, exploiting weak configurations rather than directly attacking ZenBusiness. This suggests ZenBusiness may have lacked proper access controls and inventory management for its third-party integrations, a common vulnerability in startups scaling rapidly. Compared to similar breaches at other business services platforms, the inclusion of phone numbers with names elevates the risk for targeted attacks on small business owners who rely on ZenBusiness for compliance and state filings.
