ShinyHunters leaks data on 2.3 million Moody Bible supporters

The extortion group ShinyHunters has published data it says was stolen from the Moody Bible Institute, a well known faith based educational organization in the United States, exposing personal information on more than 2.3 million donors, students, alumni, and supporters. The institute has disclosed the breach.

According to Check Point Research's weekly threat intelligence bulletin, the leaked records include names, dates of birth, home addresses, email addresses, and phone numbers. That combination is more than enough to power convincing phishing, fraud, and impersonation aimed at a community of religious donors, a group that scammers see as trusting and generous.

Who is behind it

ShinyHunters is a prolific data theft and extortion crew that steals databases and then pressures victims by leaking or auctioning the contents when they refuse to pay. IntelFusions tracks the group on its threat actor profile, and only days earlier the crew claimed test equipment maker Fluke and distributor Ingram Content. The Moody Bible Institute leak fits its usual pattern of publishing stolen data as leverage rather than deploying a file encrypting payload.

What is at risk

No financial account numbers or passwords were listed among the exposed fields, but names tied to dates of birth and full contact details make a durable identity theft toolkit. Anyone who receives a message referencing a donation, a class, or alumni status should be especially wary of unexpected requests to click a link, confirm details, or send money.

What you should do

People connected to the institute should treat any unsolicited call, text, or email that cites their relationship with Moody as suspect, avoid acting on links inside such messages, and consider placing a fraud alert or credit freeze. Organizations that hold large donor or alumni databases should take the incident as a reminder that these records are prime extortion targets and belong under tight access control, active monitoring, and aggressive data minimization.

This briefing is provided by IntelFusions for informational and defensive purposes only. It is based on sources assessed to be reliable at the time of writing, and analytic judgments carry the confidence levels indicated. Indicators of compromise are defanged; re-arm them only in controlled environments. IntelFusions is not affiliated with the organizations named and makes no warranty as to completeness or accuracy.

Read the full analysis on IntelFusions