Data breach at fintech firm Figure affects nearly 1 million accounts

Published: February 18, 2026 at 09:01 AM EST
Source: Bleeping Computer

Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self‑described blockchain‑native financial technology company.

Founded in 2018, Figure uses the Provenance blockchain for lending, borrowing, and securities trading, and has unlocked over $22 billion in home equity with more than 250 partners, including banks, credit unions, fintechs, and home‑improvement companies.

Breach details

While the blockchain lender didn’t publicly disclose the incident, a Figure spokesperson told TechCrunch that the attackers stole “a limited number of files” in a social‑engineering attack.
BleepingComputer has also reached out to Figure for further comment, but a response was not immediately available.

Notification service Have I Been Pwned has now revealed the extent of the incident, reporting that data from 967,200 accounts was stolen. The service noted that the exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses, and dates of birth. Figure confirmed the incident and attributed it to a social‑engineering attack in which an employee was tricked into providing access.

ShinyHunters involvement

The extortion group ShinyHunters claimed responsibility for the breach and added the company to its dark‑web leak site, leaking 2.5 GB of data allegedly stolen from thousands of loan applicants.

Figure Technology on ShinyHunters leak site (BleepingComputer)

In recent weeks, ShinyHunters claimed similar breaches at:

While not all of these incidents are part of the same campaign, many victims were breached in a voice‑phishing (vishing) campaign targeting single sign‑on (SSO) accounts at Okta, Microsoft, and Google across more than 100 high‑profile organizations. The attackers impersonate IT support, call employees, and trick them into entering credentials and multi‑factor authentication (MFA) codes on phishing sites that mimic corporate login portals. Once they obtain the SSO credentials, they gain access to a wide range of connected enterprise applications, including Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Zendesk, Dropbox, Adobe, Atlassian, and many others.

As part of this broader campaign, ShinyHunters also breached online‑dating giant Match Group, which owns Tinder, Hinge, Meetic, Match.com, and OkCupid.
