-
The ShinyHunters hacker group has targeted ZenBusiness, an AI-driven LLC formation platform backed by billionaire Mark Cuban, threatening to release stolen data unless the company pays a ransom.
-
The group claims it pulled “several terabytes” of sensitive data through platforms including Snowflake, Mixpanel, and Salesforce.
-
Cybersecurity researchers warn the breach could expose customer identities, internal business operations, and employee information, putting thousands of small business owners at risk.
A deadline is ticking for ZenBusiness. The ShinyHunters hacker group has posted a data breach claim on the dark web, threatening to release what it describes as “several terabytes” of stolen company data unless ZenBusiness meets its ransom demands.
The group set March 25, 2026 as its cutoff date, warning the company in a post: “This is the last warning to contact us before we drop the bombshell along with various disturbing (digital) issues that will target you.”
ZenBusiness markets itself as a one-stop platform for entrepreneurs, offering LLC formation, registered agent services, and compliance tools that promise to get a business running in minutes.
Mark Cuban, the billionaire entrepreneur, serves as a strategic advisor and investor in the company. But that high-profile backing may offer little protection against what researchers are calling a serious threat.
ShinyHunters Claims Access Through Multiple Platforms
ShinyHunters says it extracted the stolen data through Snowflake, Mixpanel, and Salesforce, cloud platforms that ZenBusiness relies on for data storage and customer management. The group has not yet released the data publicly, but its dark web post signals that it intends to follow through if ZenBusiness does not respond.
Cybernews researchers who analyzed the claim believe the stolen material likely includes sensitive internal and customer-facing data. “The bad actors probably have the firm’s internal data and could potentially blow up customer or employee details including PII, the kind of businesses that the platform helped to establish,” the researchers explained.
That kind of exposure carries serious consequences. Customers who used ZenBusiness to register their businesses trusted the platform with personal identification details, contact information, and business filings. A leak would hand criminals a ready-made toolkit for identity theft and targeted fraud. “The breach may likely blow up the company’s internal operations too, which can slash ZenBusiness’s competitive leverage,” researchers added.
Cybernews reached out to ZenBusiness for comment but had not received a response at the time of publication.
ShinyHunters Goes on a Hacking Spree
ZenBusiness is not ShinyHunters’ only recent target. The group has been on an aggressive campaign, racking up victims across multiple industries in a short span of time.
Salesforce found itself at the center of this wave. ShinyHunters breached the platform in October 2025 and threatened to target hundreds of its customers if the company refused to pay. ZenBusiness appears to be one of those downstream victims caught in that same net.
Just this week, ShinyHunters named Ameriprise Financial as its latest casualty. After the financial firm apparently refused to pay, the group dumped hundreds of gigabytes of stolen files directly onto the dark web.
Days before that, the gang threatened Infinite Campus, a widely used Student Information System provider. The company later confirmed that an unauthorized party had accessed an employee’s Salesforce account, further tying these attacks to the same breach chain.
ShinyHunters has also claimed responsibility for attacks against Bumble, dating platforms Hinge, Match, and OkCupid, and two major US investment advisory firms, Mercer Advisors and Beacon Pointe Advisors. The pattern is clear: the group targets platforms with large customer bases and sensitive data, then weaponizes that access for ransom.
What This Means for ZenBusiness Customers
Small business owners who use ZenBusiness face real and immediate risk. Their personal information, names, contact details, business filings, and potentially financial data, may already be in the hands of a group with a proven record of following through on its threats.
ShinyHunters has shown its willingness to target companies across sectors, from business services like ZenBusiness to telecommunications giants like Odido, proving that no industry is safe from their double-extortion tactics.
Experts recommend that affected users monitor their accounts closely, watch for phishing attempts, and change passwords linked to their ZenBusiness profiles. For a platform built on the promise of a worry-free business setup, this breach threatens to shake the very trust its customers placed in it.
