The Register

ShinyHunters claim they have cruise giant Carnival’s booty as 7.5M emails surface

Carnival Corporation, the world’s largest cruise company, is dealing with choppy waters after Have I Been Pwned flagged what it claimed were 7.5 million unique email addresses all allegedly tied to one of its subsidiaries. 

According to HIBP, the haul totals 8.7 million records and appears to relate to the Mariner Society loyalty program run by Holland America Line, a subsidiary of Carnival Corporation. It said the “data contained fields indicating it related to the Mariner Society loyalty program run by Holland America.” The exposed data includes names, dates of birth, genders, and membership status details – the kind of personal data attackers can easily repurpose for fraud or phishing.

The company acknowledged a security incident, according to HIBP, but its version of events is, for now, a lot more contained. Carnival says the breach involved a phishing attack against a single user account and that it is still working to understand the scope of any unauthorized access.

That’s not quite the story being told elsewhere. The data was published by the ever-busy ShinyHunters extortion crew, which claimed to have lifted not just customer data but “terabytes of internal corporate data” after talks with the company apparently went nowhere.

“The company failed to reach an agreement with us despite our incredible patience,” said a post on the group’s leak site, seen by The Register, adding, “They don’t care.”

Take the claims with the usual pinch of sea salt – ShinyHunters has form for dressing up its hits – but the volume and apparent legitimacy of the data flagged by HIBP suggest there is potentially something more substantial here than the usual leak site bravado.

The Register has asked Carnival to confirm whether the figures match its own findings, what data was accessed, whether any ransom demand was made, and how attackers got in. It hadn’t responded at the time of writing.

ShinyHunters is no stranger to this kind of break-in, usually getting a foot in the door via phishing, stolen logins, or by cracking into SaaS platforms before digging around for anything they can cash in. If their claims are accurate, this went well beyond a single compromised inbox.

Whether this turns out to be a contained phishing mishap or a full-blown data spill is still unclear – but either way, passengers may want to keep a closer eye on their inboxes than their next itinerary. ®
