Home » The 6 biggest cybersecurity breaches of 2026 so far

The 6 biggest cybersecurity breaches of 2026 so far

by Brandon Duncan


The year is only halfway through, yet 2026 has already been filled with data breaches, hacks, and cybersecurity incidents.

So let’s take a look back at the biggest cybersecurity breaches of 2026 so far. Mashable has picked the six most impactful incidents. There’s likely lessons to be learned in order to protect yourself for the rest of the year.

Here they are, in no particular order.

Grand Theft Auto VI fans and Rockstar Games

GTA 6, the most anticipated video game for the past decade, will finally be released this year. And malicious actors are already targeting its fans and even the game’s developer.

Fake GTA 6 pre-order websites, fake GTA 6 mobile apps, and even fake sites that copy legitimate game download platforms have been popping up since developer Rockstar Games confirmed a late 2026 launch for the game.

It’s unclear just how many users have already been affected, but it’s obviously growing, as hackers will continue to target Grand Theft Auto gamers up until the game’s release and likely well beyond.

Not even Rockstar Games is safe. Earlier this year, the now-infamous hacker collective ShinyHunters announced that it had breached the game developer’s networks. ShinyHackers sought out a ransom in exchange for not releasing the data it had stolen.

Rockstar downplayed the severity of the data breach, saying the breach occurred at a third-party provider. It also appeared that the data comprised corporate assets rather than private user information.

Instructure data breach

Edtech giant Instructure, the company behind the popular Learning Management System (LMS) Canvas, was a victim of what was easily one of the biggest breaches of the year so far.

The Instructure breach was also carried out by ShinyHunters, the hacking collective that is becoming quite notorious as the likely culprit behind so many data breaches. The stolen data in this breach included users’ names, email addresses, student IDs, and private messages exchanged on the platform, which was used by a whopping 275 million users at nearly 9,000 schools around the world. These users included students, teachers, and school staff.

To make matters even worse, ShinyHunters breached Instructure’s platforms again just one week after the company claimed it had fixed the security issues associated with the original data breach. This time, however, ShinyHunters defaced the login pages of specific schools.

The data breaches forced some schools to postpone final exams and assignments, as Instructure took its platforms offline to address the cybersecurity incidents.

ShinyHunters is well known for carrying out breaches and demanding a ransom in return for not releasing the data. It appears that Instructure struck a deal with ShinyHunters to prevent its users’ data from being disseminated. It’s certainly a worrying outcome that doesn’t bode well for how future data breaches may pan out.

Conduent data breach

Conduent is a data management company whose clients include many major corporations, healthcare providers, and state agencies. So, when there’s a data breach at an organization that handles sensitive data belonging to Humana and Blue Cross and Blue Shield of Texas, just to name a few, there is cause for concern.

Earlier this year, at least 25 million people in just two states were affected by a data breach at Conduent. A reported 15 million people were affected in Texas, which is just shy of half of the state’s more than 31 million residents. Reports state that more than 10 million people were affected in Oregon.

According to Conduent, the unauthorized parties “obtained some files that contained individuals’ personal information, which came into our possession due to the services that we provide to your current and former health plan.”

This data included users’ names, Social Security numbers, medical information, and health insurance information.

That’s a big cybersecurity incident involving some of the most sensitive user data that can be obtained.

Meta AI supports Instagram vulnerability

The most recent incident on this list perfectly encapsulates many of the unresolved cybersecurity issues with AI.

Meta rolled out an AI-powered support chatbot for Instagram. Hackers figured out they could simply request that the AI chatbot send a password reset link for any Instagram account to the hacker’s email address. Meta AI support complied with the requests simply because the hacker told them they were the account owner and needed the chatbot to send the password reset link to a new email address.

Malicious actors were stealing highly followed Instagram accounts through this method and then selling them on online black markets.

Meta did eventually fix the issue, but affected users were still locked out of their accounts for a time.

This may not have been the biggest, most widespread hack on our list. But the method used to steal these Instagram accounts is certainly the fastest-growing tool in hackers’ arsenal. We’ll be seeing many more bad actors tricking easy-to-fool AI-powered systems in the very near future.

DarkSword spyware

What if a hacker could steal a smartphone’s data with nothing more than their target visiting a website?

DarkSword spyware, which could do just that, had Google and numerous cybersecurity firms ringing the alarm bells earlier this year.

Google Threat Intelligence Group and cybersecurity companies Lookout and iVerify laid out their findings in March, showing how malicious actors were exploiting vulnerabilities in Apple’s iPhone to siphon data from a device after the target visited an infected website.

Call logs, contacts, iMessage and WhatsApp data, email, calendars, notes, photos, screenshots, location history, web browser history, signed-in account identities, device keychains, SIM card info, Find My Phone settings, WiFi passwords, iCloud content, and more were all able to be pulled from a malicious actor using DarkSword.

Nearly 25 percent of all iPhones are still running some version of iOS 18, the iPhone operating system that was susceptible to the attack. This meant that there were potentially hundreds of millions of iOS devices on which DarkSword could be deployed.

According to the reports, Russian hacker groups were already deploying the spyware “to fully compromise devices.”

To make matters worse, DarkSword was soon released into the wild shortly after the cybersecurity firms warned about it.

Apple did release updates and important information for users who were susceptible to the spyware. However, the existence of such an exploit shows just how easy it’s becoming for bad actors to carry out an attack.

WeedHack

Speaking of how easy it is to get hacked, WeedHack may be the perfect example of how accessible it is to become an attacker, too.

A recent report from McAfee Labs detailed a new hacker tool being offered as a $5 per month service to aspiring attackers who may not have the technical know-how to carry out a campaign themselves. 

WeedHack is a malware that’s deployed under the guise of a Minecraft client or mod. Once a device is infected, an attacker can collect system information, search for files on the infected device, take screenshots of the target’s system, and steal cookies and passwords from the target’s web browser. And that’s just the free version.

For $5 per month, an attacker could also gain webcam access to the infected device, keylogging capabilities, screen sharing with keyboard and mouse access, file management features for uploading and downloading files, and more.

Perhaps the most concerning revelation, however, was just how WeedHack was being used.

McAfee Labs uncovered a Telegram channel for WeedHack’s customer base and found it was largely used by teenagers and young adults who were using the malware to cyberbully other young people, threatening, harassing, and spying on victims. 

Malware-as-a-service has existed before, but WeedHack seems to be ushering in something that goes well beyond just your typical cybersecurity issues.



Source link

You may also like

Leave a Comment