Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

StarBucks Company (StarBucks.com

Starbucks.com
Group Shadowbyt3$
Discovered 2026-05-21 05:52 UTC
Est. attack date 2026-04-01
Country US

Description:

StarBucks Failed to reach out to us and didn't pay even $500,000 when we know they can afford it. It's not even that much we were asking for. Since you didn't contact is no negotiations and this is now in the hands of cybercriminals. This is a warning to all companies if you see yourself posted here to reach us. This is the only ammount we have on are servers due to migrating dmca and ignore abuse infrastructure. They were breached on 04/01/2026 and they know they were breached because they closed the s3 bucket starbucks-prod.
Infostealer activity detected by HudsonRock

Compromised Employees: 90

Compromised Users: 32441

Third Party Employee Credentials: 99

External Attack Surface: 127

Infostealer Distribution

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domainabusecscglobal.com
MX Records
  • mx1.starbucks.iphmx.com. Cisco/IronPort
  • mx2.starbucks.iphmx.com. Cisco/IronPort
TXT Records
  • cloudflare_dashboard_sso=03801556e33112a7107036e615aa170b
  • v=spf1 exists:%{i}.spf.starbucks.iphmx.com ip4:68.233.76.14 ip4:12.18.76.135 ip4:12.18.76.138 ip4:208.86.168.7 include:spf.protection.outlook.com include:mail.zendesk.com include:sendgrid.net -all
  • postman-domain-verification=64c246354393461dc9421c9ec8f59aac52b3bc6cbeb6081650db2f30a344d86159aed0d4229409665dd396add22cac7e58c6beceb4a3823e4cd0f1ba5069ea9b
  • cloudflare_dashboard_sso=e1868c558854cbf0320ef1eaef770fcd
  • MS=ms69354212
  • intersight=ca02378ec1bd962e0d53c242e1f8a7d59f6725e18f0cf3d7ac3380217fd93bcc
  • docker-verification=87b73db4-b13b-4b12-a30f-cc4beb5142c4
  • infoblox-domain-mastery=dd4538b82c0b7adfad07a4d55cb331cc55e9e067dc0263adcd80a08097eb1e819a
  • adobe-idp-site-verification=4270c7f7-047a-43a8-bfce-927adc927376
  • 5288bb6397ee58880703a12f1db98c6c6cf25072029bc39db52da1aeb228cdf5
  • miro-verification=bb774a5c93c8685b1bacf66212124c0610e2a276
  • mongodb-site-verification=g1q8eE7r9erqdXdv7kenwT1QqSxNNupW
  • atlassian-domain-verification=fKuRngpxk5U8SqMw0FNheA958JfxbkkgY6ZH8jaLZvtKv12R3QHvXNX85OXkWaZM
  • vmware-cloud-verification-12c35ecd-895f-4643-b6a2-e8d18a71621c
  • google-site-verification=1wdfJOvnvwDwsjUihr1aONTvej4_YU0aPGbPNjf6v7I
  • hcp-domain-verification=c963a536f627ab82d56916226e669c6c17ea1ab884b1591083fd5f1e425034be
  • facebook-domain-verification=dvhkybgmq3631p5uivpvzx0vhpe1xl
  • apple-domain-verification=qG2EDykFV67aLREd
  • MS=ms69826482
  • jamf-site-verification=PTESmz_qcu8FT4u9OHJAXw
  • wiz-domain-verification=d55f7d8d667639d6b585d8d5f589612b4d274b3cc251f8e59b275135b52dd0a9
  • s65SXGErvGm+cplTTb33Qjt0r8uf4cYX/0KtxqAoQ/BKXVAHUgePR0WGgGwFZX07HBHz+qwYCxurZ0LXUAjxCg==
  • wrike-verification=NDAwNDE2OTo5ZTNhODcxNDRkYmYzNTliZThkNGQ3NzllZWM1ZDAyMzI4MzI0ZTVlMTYxYmVjYTMxNjAxN2I3NGYwZDk2Y2Ix
  • google-site-verification=QFlotoY7uUKhhC9asIM9YGV0aAI3NXUqE4r1Q9tgVdc
  • 1142563
  • cursor-domain-verification-ss7a74=JPIWY1cT0fn9GX8KUliQKjFZh
  • 48ds1q9t73yj6g4f181j95hzrf1dqkd3
  • mongodb-site-verification=aMLkGghfmdo0fynB0AIPv8uwk2H4J6q7
  • fastly-domain-delegation-3ofkfpp322-433001-2021-09-16
  • N9PFmbSsXNDwreizyPEPncunYquA013T1N4ECj4CI/JjBauNRfAEsEdA5fcNKmjkAnNQEgV0srFZPb60mvEJGQ==
Cloud / SaaS Services Detected
Adobe Apple Atlassian Docker Microsoft 365 Miro JamF Zendesk SendGrid

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.