ShinyHunters, one of the most prolific data extortion gangs operating today, has been exploiting Oracle PeopleSoft servers to steal massive troves of sensitive information.
The most significant known incident tied to this campaign hit Wynn Resorts in September 2025. ShinyHunters reportedly gained initial access by exploiting a vulnerability within Wynn’s PeopleSoft system using employee credentials, ultimately exposing the personal identifiable information of over 800,000 employees. That includes names, Social Security numbers, and the kind of data that makes identity theft trivially easy.
How the attacks work, and what ShinyHunters wants
PeopleSoft is Oracle’s enterprise resource planning software, used by large organizations to manage everything from payroll to student records.
In the Wynn Resorts breach, the group leveraged compromised employee credentials to navigate the PeopleSoft environment. Once inside, they exfiltrated a massive dataset and then demanded payment to not leak the stolen information. The ransom request came to 22.34 BTC, roughly equivalent to $1.5 million at the time.
