SlowMist CISO issues alert: ShinyHunters claims to have breached Anthropic’s internal systems

According to an alert published on the X platform on April 23 by 23pds, Chief Information Security Officer (CISO) at SlowMist, the hacking group ShinyHunters claims to have breached internal systems associated with the Anthropic Mythos model and has publicly shared screenshots as evidence, including a user management panel, an AI experiments dashboard, and analyses of model performance and costs; however, Anthropic has not yet issued an official statement.

SlowMist CISO Warns: Alleged Intrusion of Anthropic Systems

(Source: SlowMist)

According to 23pds’ post on X, the screenshots published by ShinyHunters cover a user management panel, an AI experiments dashboard, and data related to model performance and cost analysis. In the post, 23pds stated that given the large number of enterprises that have applied for trials of Anthropic-related services, once the intrusion is confirmed, leading technology companies and companies in the crypto industry may face indirect security risks.

As of April 23, Anthropic has not issued a public statement regarding this matter, and the authenticity of the claims remains to be confirmed by the official party.

Cybernews: ShinyHunters Issues Extortion Threats to Nine Major Brands

According to Cybernews’ report on April 21, ShinyHunters claims it has breached nine major brands and set a deadline: if the related extortion payment is not made by April 21, it will publish more than 9 million records containing personal identity information and internal data.

The brands reportedly affected include:

Zara: According to Cybernews, ShinyHunters claims it gained access to Zara’s BigQuery database instance by exploiting a vulnerability in Israeli AI analytics company Anodot. Zara’s parent company Inditex has confirmed in an official statement that the database was accessed without authorization, but it did not specifically name Anodot

7-Eleven: ShinyHunters claims its Salesforce environment was compromised, and more than 600k records are allegedly stolen

Carnival Group: ShinyHunters claims it stole more than 8.7 million records

According to Cybernews, the related vulnerability involving Anodot is also allegedly what led to the breach of Rockstar Games’ Snowflake environment.

Salesforce Environment Compromised: Involving Organizations and Data Scale

According to Cybernews, other organizations reportedly affected by the compromise of Salesforce systems include: global e-commerce company Pitney Bowes; the Canadian financial services firm Sun Life Financial (Sun Life); the ultra-luxury hotel group Aman Resorts; and commercial real estate brokerage Marcus & Millichap. According to Cybernews, after U.S. home security services provider Alert 360 refused to pay the ransom, ShinyHunters claims it has published the records of 2.5 million users of the company.

Frequently Asked Questions

Has news about ShinyHunters’ alleged intrusion of the Anthropic Mythos system been officially confirmed?

As of April 23, according to the X-platform alert from SlowMist CISO 23pds, Anthropic has not issued an official statement regarding the related claims, and the authenticity of the news has not yet been confirmed by Anthropic or any other official organization.

What official statement did Inditex release regarding the alleged intrusion of its Zara database?

According to Cybernews, Inditex has confirmed that its database was accessed without authorization, but in its official statement it did not specifically name Anodot, ShinyHunters, or any specific attacker.

Has ShinyHunters previously been recorded in any large-scale intrusion cases?

According to Cybernews’ report on April 21, ShinyHunters, during the same period, claimed to have compromised nine major brands including Zara, 7-Eleven, and Carnival Group. The extortion threats involved more than 9 million records of personal identity information. As of the time the report was published, detailed data on each company’s specific losses and legal responses had not been fully disclosed.