Back to news
Cybersecurity Alert
July 7, 2026 by EmailMeNow IT Consulting

Was Moody Bible Institute Breached? We Scanned Their Domain Security

Moody Bible Institute appears on Have I Been Pwned with 2.3M accounts after a June 2026 ShinyHunters pay-or-leak campaign. Donor and alumni PII was published. Audits score moody.edu at 64% with 15% transport security.

Source: Have I Been Pwned · Moody Bible Institute

NewsData BreachShinyHuntersEducationIllinoisCybersecurity
Moody Bible Institute targeted by ShinyHunters extortion leak affecting 2.3 million accounts

Yes — Moody Bible Institute (moody.edu) was breached. The Chicago-based Christian college and ministry organization now appears on Have I Been Pwned with 2,303,416 accounts tied to a June 2026 incident in which ShinyHunters ran a “pay or leak” extortion campaign.

HIBP added the breach on July 3, 2026. Published data includes names, dates of birth, genders, marital statuses, phone numbers, and physical and email addresses for donors, supporters, students, and alumni — according to The Register and Cybersecurity News.

In a June 22, 2026 statement, Moody Bible Institute confirmed it was among several colleges targeted in June, implemented security protocols, engaged external forensic experts, and notified law enforcement. ShinyHunters published the stolen cache on June 23, 2026 after extortion demands were not met.

We scanned moody.edu and moodybible.org to assess email and domain security posture relevant to this leak.

What Happened

According to Have I Been Pwned, Moody’s disclosure, and threat-intelligence reporting:

  • June 2026 — ShinyHunters targeted Moody Bible Institute in a pay-or-leak extortion campaign.
  • June 22, 2026 — Moody published an investigation update; IT teams addressed a vulnerability and engaged forensic experts.
  • June 23, 2026 — ShinyHunters published stolen data publicly after negotiations failed.
  • July 3, 2026 — HIBP indexed 2.3M+ unique email addresses and associated PII.

Reporting from The Register notes ShinyHunters cited an Oracle PeopleSoft angle in the MBI attack — consistent with the group’s broader 2026 higher-education campaign against campus ERP and donor systems.

Illustration: ShinyHunters pay-or-leak extortion threat against Christian university donor and alumni data

Breach Impact at a Glance

FieldDetail
VictimMoody Bible Institute (moody.edu)
SectorChristian higher education / ministry
Threat actorShinyHunters
Accounts affected2,303,416
Breach periodJune 2026
Added to HIBPJuly 3, 2026
Populations exposedStudents, alumni, donors, supporters
Alleged sourceInternal systems / PeopleSoft (reported)

Data at Risk

Exposed records may include:

  • Full names and email addresses
  • Physical addresses and phone numbers
  • Dates of birth, genders, and marital statuses
  • Donor relations documents and supporter records

Because the leak maps donor and alumni contact graphs, affected individuals face elevated phishing, gift-card fraud, and impersonation of ministry staff — not just routine spam.

Illustration: university donor alumni and student personal data exposed in ShinyHunters leak

What Moody Has Said

Moody’s June 22 notice states the investigation remains ongoing and that the institute will notify affected individuals directly if additional protective measures are warranted under breach-notification laws. Until then, Moody advises affiliates to:

  • Review financial and online account statements for suspicious activity
  • Use credit freezes and fraud alerts
  • Maintain strong, unique passwords on online accounts

Independent Cybersecurity Audit

We ran an EmailMeNow Cybersecurity Audit on July 7, 2026:

DomainOverallIdentityTransportWebsiteRisk
moody.edu64%75%15%45%Above Average
moodybible.org64%75%15%45%Above Average

Key findings:

  • 64% overall (Above Average) — better than many breached colleges, but still below the 100% ideal for an institution holding donor PII and student records.
  • 75% Identity & Spoofing — partial-to-strong DMARC posture helps block some spoofed @moody.edu messages during an active leak window.
  • 15% Transport Security — no effective MTA-STS enforcement or TLS-RPT on either domain.
  • 45% Website Security — public web hardening lags email identity scores.
  • 100% Email Infrastructure — both domains route through Microsoft 365 / Exchange.

Illustration: moody.edu email security audit showing transport and website gaps after ShinyHunters leak

Stronger identity scores than some ShinyHunters victims do not undo a 2.3M-record leak — but weak 15% transport still leaves room for downgrade attacks on breach-notification email.

Audit links:

Priority Actions

If you are a Moody student, alumnus, donor, or supporter:

For colleges and faith-based nonprofits:

  • Audit PeopleSoft / ERP exposure and donor-database access — ShinyHunters has targeted campus systems repeatedly in 2026.
  • Deploy DMARC p=reject and MTA-STS mode=enforce to reach the 100% ideal on both identity and transport.
  • Segment donor CRM from general faculty email; monitor bulk exports.

Protect donor, alumni, and student correspondence.

Run a free Instant Cybersecurity Audit at audit.emailmenow.com or contact EmailMeNow IT Consulting for DMARC enforcement, MTA-STS deployment, and incident response planning.


Sources: HIBP — Moody Bible Institute · Moody — data incident investigation · The Register — ShinyHunters leak · Cybersecurity News — Moody breach · EmailMeNow audit — moody.edu