
Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company.
Founded in 2018, Figure uses the Provenance blockchain for lending, borrowing, and securities trading, and has unlocked over $22 billion in home equity with over 250 partners, including banks, credit unions, fintechs, and home improvement companies.
While the blockchain lender didn’t publicly disclose the incident, a Figure spokesperson told TechCrunch on Friday that the attackers stole “a limited number of files” in a social engineering attack.
BleepingComputer has also reached out to Figure with further questions about the breach, but a response was not immediately available.
Although the company has yet to share how many individuals were affected by the data breach, notification service Have I Been Pwned has now revealed the extent of the incident, reporting that data from 967,200 accounts was stolen in the attack.
“In February 2026, data obtained from the fintech lending platform Figure was publicly posted online,” Have I Been Pwned said on Wednesday.
“The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access.”
The ShinyHunters extortion group claimed responsibility for the breach and added the company to its dark web leak site, leaking 2.5GB of data allegedly stolen from thousands of loan applicants.

In recent weeks, ShinyHunters claimed similar breaches at Canada Goose, Panera Bread, Betterment, SoundCloud, PornHub, and CrowdStrike.
While not all of them are part of the same campaign, some of these victims were breached in a voice phishing (vishing) campaign targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google across more than 100 high-profile organizations.
The attackers are impersonating IT support, calling their targets’ employees and tricking them into entering credentials and multi-factor authentication (MFA) codes on phishing sites that impersonate their companies’ login portals.
Once in, they gain access to the victim’s SSO account, which provides them with access to other connected enterprise applications and services, including Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Zendesk, Dropbox, Adobe, Atlassian, and many others.
As part of this campaign, ShinyHunters also breached online dating giant Match Group, which owns multiple popular dating services, including Tinder, Hinge, Meetic, Match.com, and OkCupid.
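For defenders, the pattern described above (an SSO sign-in obtained through vishing, followed by access to many connected applications) can be hunted for in identity provider logs. The following is an added example, not code from the article or from any vendor: the log format, field names, IP addresses, known-IP baseline and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real IdP output): time, user, event, source IP, app
SAMPLE_EVENTS = """\
2026-01-12T09:01:00 alice sso_login 198.51.100.7 -
2026-01-12T09:03:00 alice app_access 198.51.100.7 Slack
2026-01-12T14:20:00 bob sso_login 203.0.113.50 -
2026-01-12T14:22:00 bob app_access 203.0.113.50 Salesforce
2026-01-12T14:25:00 bob app_access 203.0.113.50 Dropbox
2026-01-12T14:31:00 bob app_access 203.0.113.50 Zendesk
2026-01-12T14:40:00 bob app_access 203.0.113.50 Atlassian
2026-01-12T15:30:00 bob app_access 203.0.113.50 SAP
"""

# Assumed baseline: source IPs previously seen for each user
KNOWN_IPS = {"alice": {"198.51.100.7"}, "bob": {"192.0.2.10"}}


def parse(text):
    """Yield (timestamp, user, event, ip, app) from whitespace-separated lines."""
    for line in text.splitlines():
        ts, user, event, ip, app = line.split()
        yield datetime.fromisoformat(ts), user, event, ip, app


def flag_fanout(text, known_ips, window_minutes=30, min_apps=3):
    """Return [(user, ip, apps)] for SSO logins from an unseen IP that reach
    at least min_apps distinct applications within the window."""
    window = timedelta(minutes=window_minutes)
    login_time = {}              # (user, ip) -> time of the suspicious login
    apps = defaultdict(set)      # (user, ip) -> apps reached inside the window
    for ts, user, event, ip, app in sorted(parse(text)):
        key = (user, ip)
        if event == "sso_login":
            if ip not in known_ips.get(user, set()):
                login_time[key] = ts     # new source for this user: start tracking
        elif event == "app_access" and key in login_time:
            if ts - login_time[key] <= window:
                apps[key].add(app)
    return sorted((u, ip, sorted(a)) for (u, ip), a in apps.items()
                  if len(a) >= min_apps)


if __name__ == "__main__":
    for user, ip, reached in flag_fanout(SAMPLE_EVENTS, KNOWN_IPS):
        print(f"review: {user} from {ip} reached {', '.join(reached)}")
```

A hit is a lead for review rather than proof of compromise, since travel or a new network produces the same signal; the thresholds need tuning against normal sign-in behaviour.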


