Starbucks.com (US) was allegedly breached by threat actor shadowbyt3$ on 04/01/2026, after which the threat claimed the victim closed the S3 bucket (starbucks-prod) and failed to contact or pay an extortion demand of $500,000. The attackers stated they would not negotiate due to no outreach and warned other companies to contact them if listed, with the incident impacting #UnitedStates.
Incident Details
- Victim: StarBucks Company (StarBucks.com
- Sector: Hospitality and Tourism
- Country: US
- Actor: shadowbyt3$
- Source:
- Discovered: 2026-05-21T05:52:10.947443+00:00
- Published: 2026-05-21T05:52:07.986197+00:00
Information
- StarBucks failed to reach out or pay the requested $500,000, despite having the means to do so.
- No negotiations took place because the company did not make contact.
- The situation is now in the hands of cybercriminals.
- This is presented as a warning to other companies to reach out if they appear on the groupβs site.
- Only a limited amount of data is said to remain on the attackersβ servers due to migration of DMCA and abuse-ignoring infrastructure.
- The breach occurred on 04/01/2026, and the attackers claim the company was aware of it after closing the S3 bucket starbucks-prod.
Disclaimer: This post is based on public claims made by the ransomware group "shadowbyt3$". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.