Resecurity, a cybersecurity firm, faced claims from the hacking group ShinyHunters, which announced on January 3 that they had breached Resecurity's internal systems. ShinyHunters claimed to have accessed sensitive data, including employee records and internal communications, and shared screenshots that they argued proved their access. They framed this breach as retaliation, accusing Resecurity of trying to deceive them with fake buyers on dark web forums. In response, Resecurity asserted that ShinyHunters interacted with a honeypot, a decoy environment designed to log unauthorized activity while keeping actual systems safe. This honeypot included fake employee accounts and isolated infrastructure, all unrelated to real operations. Resecurity provided evidence showing the attackers' interactions within this setup, including logs and screenshots of their access to fake accounts. They emphasized that no real client data or operational systems were compromised, stating the incident had no impact on actual assets. The firm explained that using synthetic data and deception tactics is a common strategy to study threat actors. They also pointed to a previous blog post that discussed ShinyHunters' activities, suggesting that the attack might stem from ongoing exposure of such groups. The evidence presented by Resecurity indicates that their honeypot strategy effectively misled ShinyHunters while recording their behavior.