Weekly Update 505

Troy Hunt News
cybersecurity data-breach hacking ransom shinyhunters weekly-update

Summary

Troy Hunt's weekly update reports that the ShinyHunters hacking group has resurfaced with new claims against DentaQuest and Charter Communications after a brief silence following the Instructure ransom payment.

<img src="https://storage.ghost.io/c/fb/33/fb3391dc-723d-4e74-b95a-d641b5feb38e/content/images/2026/05/Splash-Template@1x_1.jpg" alt="Weekly Update 505"><p>Well, that didn&apos;t last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massive haul that would have been the Instructure ransom. It was two weeks almost to the hour since I&apos;d first heard rumour of payment being made, and I posited that groups like this often go quiet after they feel the heat, only to emerge shortly after, the drug that is hacking being too strong to ignore. Anyway, here we now are:</p> <!--kg-card-begin: html--> <blockquote class="twitter-tweet"><p lang="en" dir="ltr">&#x1F6A8;&#x1F1FA;&#x1F1F8; ShinyHunters Claims 3 New Victims<br><br>&#x1F1FA;&#x1F1F8; <a href="https://t.co/v8Wf457Gbp?ref=troyhunt.com">https://t.co/v8Wf457Gbp</a>: U.S.-based dental benefits administrator and oral health company.<br><br>&#x1F1FA;&#x1F1F8; Charter Communications, Inc.: U.S. telecommunications and cable company best known for Spectrum internet, TV, mobile, and phone services.<br><br>&#x1F1FA;&#x1F1F8;&#x2026; <a href="https://t.co/epWcVVGRHa?ref=troyhunt.com">pic.twitter.com/epWcVVGRHa</a></p>&#x2014; Dark Web Informer (@DarkWebInformer) <a href="https://twitter.com/DarkWebInformer/status/2057968306124980690?ref_src=twsrc%5Etfw&amp;ref=troyhunt.com">May 22, 2026</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script> <!--kg-card-end: html--> <p>DentaQuest has since been removed, but <a href="https://dentaquest.com/?ref=troyhunt.com" rel="noreferrer">their website</a> is currently returning &quot;Access Denied&quot;, which isn&apos;t a great look. Obviously, the broken website doesn&apos;t look great, but neither do the optics of potentially having paid a ransom. But that does seem to be the way that many of these incidents are going now &#x1F937;&#x200D;&#x2642;&#xFE0F; </p> <!--kg-card-begin: html--> <div><div style="width: 170px; display: inline-block; margin-right: 3px;"><a href="https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699?ref=troy-hunt"><img src="https://storage.ghost.io/c/fb/33/fb3391dc-723d-4e74-b95a-d641b5feb38e/content/images/2018/05/Listen-on-Apple-Podcasts.svg" alt="Weekly Update 505"></a></div><div style="width: 175px; display: inline-block; margin-right: 3px;"><a href="https://www.youtube.com/playlist?list=PL7LAAxaabizMAXnJe0s3xjQ30q12EVmjt&amp;ref=troyhunt.com"><img src="https://storage.ghost.io/c/fb/33/fb3391dc-723d-4e74-b95a-d641b5feb38e/content/images/2024/09/Watch-and-Listen-on-YouTube.svg" alt="Weekly Update 505"></a></div><div style="width: 118px; display: inline-block; margin-right: 3px;"><a href="https://open.spotify.com/show/7jMtKFohdrw6qmz8AkLqit?ref=troy-hunt"><img src="https://storage.ghost.io/c/fb/33/fb3391dc-723d-4e74-b95a-d641b5feb38e/content/images/2019/10/spotify.svg" class="kg-image" alt="Weekly Update 505"></a></div><div style="width: 120px; display: inline-block;"><a href="https://omny.fm/shows/troy-hunt-weekly-update/playlists/podcast.rss?ref=troy-hunt"><img src="https://storage.ghost.io/c/fb/33/fb3391dc-723d-4e74-b95a-d641b5feb38e/content/images/2018/07/Download-via-RSS.svg" alt="Weekly Update 505"></a></div><iframe width="100%" height="480" src="https://www.youtube.com/embed/Xher1Mtwxro" title="YouTube video player" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen loading="lazy" spellcheck="false"></iframe></div> <!--kg-card-end: html-->
Original Article
View Cached Full Text

Cached at: 05/24/26, 06:17 AM

# Weekly Update 505 Source: [https://www.troyhunt.com/weekly-update-505/](https://www.troyhunt.com/weekly-update-505/) Well, that didn't last long\! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massive haul that would have been the Instructure ransom\. It was two weeks almost to the hour since I'd first heard rumour of payment being made, and I posited that groups like this often go quiet after they feel the heat, only to emerge shortly after, the drug that is hacking being too strong to ignore\. Anyway, here we now are: > 🚨🇺🇸 ShinyHunters Claims 3 New Victims 🇺🇸[https://t\.co/v8Wf457Gbp](https://t.co/v8Wf457Gbp?ref=troyhunt.com): U\.S\.\-based dental benefits administrator and oral health company\. 🇺🇸 Charter Communications, Inc\.: U\.S\. telecommunications and cable company best known for Spectrum internet, TV, mobile, and phone services\. 🇺🇸…[pic\.twitter\.com/epWcVVGRHa](https://t.co/epWcVVGRHa?ref=troyhunt.com) — Dark Web Informer \(@DarkWebInformer\)[May 22, 2026](https://twitter.com/DarkWebInformer/status/2057968306124980690?ref_src=twsrc%5Etfw&ref=troyhunt.com) DentaQuest has since been removed, but[their website](https://dentaquest.com/?ref=troyhunt.com)is currently returning "Access Denied", which isn't a great look\. Obviously, the broken website doesn't look great, but neither do the optics of potentially having paid a ransom\. But that does seem to be the way that many of these incidents are going now 🤷‍♂️ [![Listen on Apple Podcasts](https://storage.ghost.io/c/fb/33/fb3391dc-723d-4e74-b95a-d641b5feb38e/content/images/2018/05/Listen-on-Apple-Podcasts.svg)](https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/id1176454699?ref=troy-hunt) [![Watch and Listen on YouTube](https://storage.ghost.io/c/fb/33/fb3391dc-723d-4e74-b95a-d641b5feb38e/content/images/2024/09/Watch-and-Listen-on-YouTube.svg)](https://www.youtube.com/playlist?list=PL7LAAxaabizMAXnJe0s3xjQ30q12EVmjt&ref=troyhunt.com) [![](https://storage.ghost.io/c/fb/33/fb3391dc-723d-4e74-b95a-d641b5feb38e/content/images/2019/10/spotify.svg)](https://open.spotify.com/show/7jMtKFohdrw6qmz8AkLqit?ref=troy-hunt) [![Download via RSS](https://storage.ghost.io/c/fb/33/fb3391dc-723d-4e74-b95a-d641b5feb38e/content/images/2018/07/Download-via-RSS.svg)](https://omny.fm/shows/troy-hunt-weekly-update/playlists/podcast.rss?ref=troy-hunt) [Weekly update](https://www.troyhunt.com/tag/weekly-update/)

Similar Articles

Weekly Update 506

Troy Hunt

Troy Hunt discusses the ongoing ShinyHunters data breaches and dumps, noting the criminality, organizational responses, and the seemingly endless cycle of new victims appearing, such as DentaQuest and BCD Travel.

Weekly Update 503

Troy Hunt

Troy Hunt's weekly update covers Instructure's 'pay or leak' deadline from ShinyHunters, with the company remaining silent and lawsuits being prepared.

Weekly Update 502

Troy Hunt

Troy Hunt's weekly update discusses how ShinyHunters uses social engineering and vishing to breach major brands, with insights from Mandiant.

Weekly Update 504

Troy Hunt

Troy Hunt's weekly update discusses the normalization of ransomware payments, referencing Grafana's refusal to pay and Instructure's euphemistic 'agreement' with attackers, and criticizes the softening of language around criminal extortion.

Weekly Update 494

Troy Hunt

Troy Hunt's weekly update covers a flurry of five data breaches loaded into Have I Been Pwned in just two days, including details on the Odido, KomikoAI, Quitbro, Lovora, and Provecho breaches.