Over 2.3 million people tied to the Moody Bible Institute just had their data dumped online. ShinyHunters is behind it — the same group that’s hit Salesforce, Carnival, and Pitney Bowes.
MBI disclosed the breach back in June. Apparently, the Christian college didn’t pay the extortion demands. So ShinyHunters leaked what they stole. The data is now in the Have I Been Pwned database. Names, genders, dates of birth, physical and email addresses, phone numbers, marital statuses — all of it. Documents tied to donors, supporters, students, and alumni were also part of the cache.
MBI says its tech team addressed the vulnerability and brought in external cybersecurity experts. They’re telling affiliated individuals to monitor their accounts and use credit freezes and fraud alerts. Standard advice for a very not-standard situation.
This is ShinyHunters’ playbook. Pay-or-leak. Earlier this year they hit Canvas, a learning platform, impacting an estimated 275 million students. That attack triggered national security alerts. They’ve also been linked to a massive Oracle PeopleSoft campaign affecting over 100 organizations.
The lesson here isn’t new. If you hold sensitive data on millions of people, someone’s going to try to take it. And if you don’t pay, they’ll publish it. MBI chose not to pay. Now the data’s out there.
