Figure Data Breach Exposes 1 Million Accounts
▼ Summary
– Hackers stole personal data from nearly 1 million accounts after breaching Figure Technology Solutions via a social engineering attack.
– The exposed data included email addresses, names, phone numbers, physical addresses, and dates of birth from January 2026.
– The extortion group ShinyHunters claimed responsibility, leaking 2.5GB of data and adding Figure to its dark web leak site.
– This breach is part of a broader campaign where attackers use voice phishing to trick employees into providing login credentials and MFA codes.
– The campaign has targeted over 100 organizations, providing attackers access to connected enterprise applications after compromising single sign-on accounts.
A significant data breach at blockchain-based financial services firm Figure Technology Solutions has compromised the personal information of nearly one million individuals. The incident, which the company attributes to a sophisticated social engineering attack, resulted in the theft of sensitive customer data, including names, email addresses, phone numbers, physical addresses, and dates of birth. This breach underscores the persistent threat that targeted phishing campaigns pose to organizations, regardless of their technological sophistication.
The company, which utilizes blockchain technology for lending and borrowing services, confirmed that attackers accessed “a limited number of files” after tricking an employee. While Figure has not publicly detailed the scale of the incident, the data breach notification service Have I Been Pwned reported that information from 967,200 accounts was stolen and subsequently posted online. The exposed data reportedly dates back to early 2026.
The notorious ShinyHunters extortion group has claimed responsibility for the hack, adding Figure to its dark web leak site. The group published approximately 2.5 gigabytes of data allegedly taken from thousands of loan applicants. This group has been linked to a string of high-profile breaches in recent weeks, targeting companies across various sectors such as retail, finance, and technology.
Evidence suggests this attack is part of a broader voice phishing (vishing) campaign targeting single sign-on (SSO) credentials. In these schemes, attackers impersonate IT support staff, contacting employees via phone and deceiving them into entering their login credentials and multi-factor authentication codes on fraudulent websites that mimic legitimate company portals. Once they obtain these credentials, the hackers gain access to the victim’s SSO account, which often serves as a gateway to a wide array of connected enterprise applications.
This method has provided threat actors with access to critical business platforms like Salesforce, Microsoft 365, Google Workspace, and many others. The same campaign is believed to be behind a recent breach at Match Group, the parent company of major dating services including Tinder and Hinge. The tactic highlights how social engineering remains a highly effective vector for bypassing even robust security measures, turning human error into a significant organizational vulnerability.
(Source: Bleeping Computer)
