They refused to pay the ransom demanded by the cybercrime group, saying they would donate it to security research instead.

Checkout.com, a digital payment service provider, released a statement titled 'Protecting Our Merchants: Standing Up to Extortion' on November 12, 2025. In the statement, Checkout.com stated that it would refuse to pay ransoms to cybercrime groups and would donate the money to security research organizations.

Protecting our Merchants: Standing up to Extortion
https://www.checkout.com/blog/protecting-our-merchants-standing-up-to-extortion

In November 2025, Checkout.com received an undisclosed ransom demand from a criminal group calling itself 'Shiny Hunters' for data related to the company.

The investigation revealed that Shiny Hunters obtained data by unauthorizedly accessing an older, third-party cloud file storage system used before 2020. At the time, the system was used for internal operational documentation and merchant onboarding materials.

While there was no impact to the payment processing platform, and no access to merchant funds or card numbers, Checkout.com has acknowledged the incident as its own negligence and accepts full responsibility, apologizing for any concerns it may have caused its partners and stakeholders. The company also stated that it is working to identify and contact merchants who may have been affected, and is working closely with law enforcement and relevant regulatory authorities.

Meanwhile, Checkout.com declared, 'We will not succumb to criminal extortion or pay the ransom. We will turn this attack into an investment in industry-wide security.' The amount demanded as ransom will be donated to Carnegie Mellon University and the Oxford University Cyber Security Center to support research into the fight against cybercrime. Checkout.com stated, 'Security, transparency, and trust are the foundations of our industry,' and declared its commitment to investing in the fight against criminals who threaten the digital economy.

In addition, a comment was posted on the social news site Hacker News saying, 'I was in prison with a member of ShinyHunters who was arrested by the FBI a few years ago.' According to this, ShinyHunters not only used phishing scams to retrieve information, but also searched GitHub for API endpoints and looked for leaked API keys. ShinyHunters members also disliked GitHub's 'Secret Scan ' feature, which automatically scans for leaked keys, because it interfered with their work.