What Happened
In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses. Whilst not present on all records, the data also included genders, physical addresses, phone numbers, nationalities, dates of birth, spouse names and VIP status codes.
Recommended Actions
Sponsored
Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.
Breach Overview
-
Affected Accounts:
215.6 thousand
-
Breach Occurred:
April 2026
-
Added to HIBP:
1 May 2026
Recommended Actions
Change Your Password
If you haven’t already changed the password affected by this breach, do so immediately on every account where it was used.
Enable Two-Factor Authentication
Wherever 2FA is supported, add an extra layer of security to your account.
Sponsored
Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.
如有侵权请联系:admin#unsafe.sh