// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-hibpDTG 0600Z
ColdRecon / Breach Radar / Marcus & Millichap
Breach Record

Marcus & Millichap

DISCLOSED 2026-04-12 · STOLEN CREDS · 1,837,078 RECORDS EXPOSED

In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group. Data alleged to have been obtained from the company was subsequently released publicly and included 1.8M unique email addresses, along with names, phone numbers and employment-related information including...

The record

What we know

Disclosed
2026-04-12
Attack vector
Stolen Creds
Records exposed
1,837,078
Domain
marcusmillichap.com
Data classes exposed
Email addressesEmployersJob titlesNamesPhone numbersPhysical addresses
Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the Marcus & Millichap disclosure. It updates if new public reporting emerges. All tracked breaches →

Marcus & Millichap just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →