Hackers demand Bitcoin or release ‘explicit’ photos

An innocent man has spoken of his terror after hackers demanded he hand over Bitcoin worth thousands or they would release what they claimed were photos of him accessing ‘explicit’ sites on the dark web. John, who did not use his last name, was told not to contact the police or tell anyone else about the threat. The message purportedly came from a group of hackers known as the ShinyHunters, who hit the headlines in April 2026 for breaching Amtrak – a major train company

in America. They demanded $2000 worth of Bitcoin after claiming to install an ‘exploit’ on John’s phone. They said they had compromising photos of John, which they would release to all of the contacts on his phone if he did not pay up. John messaged BBC’s Morning Live programme to speak to scam expert Nick Stapleton about his dilemma. John’s full message read: “I received a ransom demand from someone called ShinyHunters. They said they had got hold of data and said they had ‘installed

an exploit’ on my phone, giving them access to all my contacts. “They are demanding $2000 in Bitcoin or they will release supposed photos they have of me accessing explicit sites on the dark web. I haven’t done this but I’ve been warned against talking to the police or anyone else. It’s very scary.” According to Cisco, an exploit is ‘a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system, typically

for malicious purposes such as installing malware. An exploit is not malware itself, but rather it is a method used by cybercriminals to deliver malware’. Barclays says that 2025 saw almost half of UK adults (45 per cent) being targeted by a scam, rising to nearly two-thirds of Gen Z (64 per cent). This is partyl due to the rise in investment scams, although SMS/text scams have also returned in large numbers. In response, Nick said: “What a terrifying email to receive. Thankfully, it’s complete

nonsense. It’s not true at all, that’s the most important thing to say. We’ve been in contact with John and told him that, to set his mind at ease, because it was very important that we let him know. “It sounds like a really personal attack, but the reality of an email like this is that they are just scammers sending out thousands of these things, generic emails like this to thousands of people, hoping that someone will read it, it will panic them, it

will knock them off balance, and they will do what is asked of them and they will pay up. “The scammers who are getting in touch with John here do not have the ability to hack people in this way. It is a really complicated operation, a really difficult thing to do. Ultimately, if you have got that kind of skill, you are not going to be wasting your time on private individuals who may or may not respond to your demands for ransom. They

could be using it for something much more profitable. “In John’s case, the group claiming to be ShinyHunters, which is a hacking group that really exists. It is quite clever on the scammers’ part because if you really go and google ShinyHunters, you might find a headline that they did genuinely hack Amtrak, the train service in the US. “There was a big customer data breach because of it, so they are giving their email an extra layer of validity just by claiming to be

this group even though they have nothing to do with them and haven’t really hacked your phone.” When asked what you should do if you are the target of a scam, Nick continued: “The absolute first thing you should do is not pay. By paying people who run this kind of scam, you are encouraging and funding them to try it repeatedly, because scammers tend to stick with stuff that works. “Responding at all can make you a target for future scams because they’ll probably

then sell your data by saying, ‘hey, this person read the ransom email, and they responded to it, so you never know, they might respond to one of your scams. “There’s a really useful website you can look at which has a really funny internet name called HaveIBeenPwned. Pwned is basically internet speak for ‘have I had my data breached?’. You put your email address or phone number into this website and it will tell you how many times your data has either been leaked

online by a corporation making a mistake or there’s been a hack that has invovled your data. “That doesn’t mean you are necessarily at risk right now, but it is good to be on top of it. I had one email address that had been shared 13 times, for example. But as long as you know the passwords and usernames that have been leaked are historic and you don’t use them anymore (it’s okay). You can check the dates on the website and make sure

you are not using them now and you are all good. “Emails like that are complete nonsense, though. People that have that level of skill are not wasting their time on what ifs from private individuals.”

ShinyHunters, Bitcoin ransom, dark web photos, scam email, exploit, HaveIBeenPwned, cybercrime, Barclays scams statistics, Amtrak breach April 2026