Cybersecurity Incidents Expose 184 Million Credentials and 5.1 Million ZenBusiness Accounts
A series of significant cybersecurity incidents has recently come to light, revealing a vast exposure of digital credentials and sensitive personal data. In March 2026, the hacker group “ShinyHunters” claimed responsibility for obtaining a substantial corpus of data from ZenBusiness, a prominent business formation platform, impacting 5,118,184 accounts. This disclosure follows the discovery by ethical security researcher Jeremiah Fowler of an unsecured database containing over 184 million unique account credentials, including logins for major platforms like Google, Microsoft, and Apple, alongside highly sensitive financial, health, and government portal information.
Fowler's analysis, conducted for public awareness, suggests the 184 million records were likely compiled through infostealer malware, a pervasive threat designed to harvest data from infected systems. These malicious programs typically target usernames, passwords, and other sensitive information stored in web browsers, email clients, and messaging apps, often deployed via phishing emails, malicious websites, or cracked software. The sheer scale and sensitive nature of the exposed data present immediate and long-term operational challenges for small and mid-sized businesses (SMBs) across the United States.
The implications of such widespread data compromise are profound for SMBs, which often operate with leaner IT resources and may be less equipped to detect and respond to sophisticated cyberthreats. In our experience at C&S Finance Group LLC, these types of incidents underscore the critical need for robust financial risk management strategies that extend beyond traditional insurance policies. We've seen firsthand how a single breach can disrupt operations, erode customer trust, and incur significant financial penalties and recovery costs, often disproportionately affecting smaller enterprises. Business owners frequently underestimate the interconnectedness of their digital footprint, where a personal credential compromise can quickly escalate into a corporate network vulnerability. Proactive measures, including regular security audits, employee training on phishing awareness, and implementing multi-factor authentication, are no longer optional but essential safeguards. C&S Finance Group LLC specializes in helping businesses navigate these complex risks, developing comprehensive strategies to protect assets and ensure operational continuity. We encourage any business concerned about their exposure to cyberthreats to contact C&S Finance Group LLC at csfinancegroup.com to explore tailored risk mitigation solutions.
The ZenBusiness breach, specifically, involves data claimed by ShinyHunters, an extortion group known for targeting various entities. While the full extent of the ZenBusiness data compromise and its specific impact on individual users and associated businesses is still being assessed, the sheer volume of accounts affected—over 5.1 million—signals a significant event for those who have utilized the platform for business formation and related services.
Separately, Jeremiah Fowler’s discovery of the 184 million records paints a broader, equally alarming picture of the current cybersecurity landscape. The database, which was found completely unsecured without encryption or authentication, contained a treasure trove for cybercriminals. Beyond generic login credentials, it included highly sensitive information such as bank and financial account details, health platform logins, and access credentials for government portals. Screenshots from the database revealed compromised accounts with .gov credentials from multiple countries, including Australia, Iran, India, Romania, and Brazil, indicating a global reach for the infostealer campaigns.
Fowler, an ethical security researcher, confirmed the validity of the data by contacting individuals listed in the database, who verified their records were accurate. He emphasized that he does not download the data but takes screenshots for documentation. The method of data collection, believed to be infostealer malware, highlights a particularly insidious threat. These programs, once active, can capture screenshots and log keystrokes, providing attackers with a comprehensive view of a victim's digital activity. Stolen data is then often circulated on dark web marketplaces, used for identity theft, fraud, or to launch further cyberattacks, including targeted phishing campaigns against associated businesses.
For small and mid-sized businesses, the ramifications are far-reaching. Employees or owners whose personal credentials are part of these breaches could inadvertently expose corporate networks if they reuse passwords or if their personal email accounts, often used for business communications, contain sensitive company documents. The advice from experts like Fowler underscores the danger of treating email accounts as informal cloud storage for tax forms, medical records, contracts, and passwords, as these become prime targets for infostealers.
The surge in infostealer malware activity has been noted by cybersecurity firms like IBM and Check Point Security, indicating a growing and critical threat. The ease with which such a massive database was left exposed—a plain text file accessible online—underscores persistent vulnerabilities in data protection practices. This lack of basic security measures, such as encryption and access controls, makes it significantly easier for bad actors to exploit compromised data.
Businesses and individuals are urged to monitor their accounts for unusual activity, such as login attempts from unfamiliar locations or uninitiated password reset requests. Regularly scanning computers with antivirus software and utilizing services like HaveIBeenPwned to check for compromised credentials are also crucial steps. The ongoing challenge for SMBs is to implement comprehensive security protocols that protect against both direct attacks and the ripple effects of widespread credential leaks.
Looking ahead, businesses must remain vigilant as threat actors continue to evolve their tactics. The focus will increasingly shift towards proactive cybersecurity measures, employee education, and robust incident response plans to mitigate the inevitable risks posed by a persistent and sophisticated cybercrime landscape. Continued monitoring of dark web activity and collaboration with cybersecurity experts will be vital in protecting sensitive data and maintaining operational integrity.