"Salesforce won't pay a ransom demand to criminals who claim to have stolen nearly 1 billion customer records and are threatening to leak the data if the CRM giant doesn't pony up some cash. "Salesforce will not engage, negotiate with, or pay any extortion demand," Allen Tsai, a Salesforce spokesperson, told The Register. It has reportedly told customers the same thing. The SaaS giant declined to answer any additional questions and directed us to the company's official statements about the security incident. The most recent update, from October 2, says Salesforce is "aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities.""
"The gang also offered $10 in Bitcoin to anyone willing to "endlessly harass these executives" in an attempt to pressure the purported victims into paying ransoms. Prior to the leak site going live, Google - which previously confirmed the attacks and is investigating the intrusions - and Salesforce notified organizations believed to be affected. The criminals set an October 10 deadline for Salesforce to negotiate a payment, "or all your customers' data will be leaked.""
Salesforce will not engage, negotiate with, or pay any extortion demand. Salesforce is aware of recent extortion attempts by threat actors and investigated those attempts in partnership with external experts and authorities. The attempts to extort ransom payments relate to past or unsubstantiated incidents, and Salesforce remains engaged with affected customers to provide support. At this time, there is no indication the Salesforce platform has been compromised nor that the activity relates to any known vulnerability in the technology. A group calling itself Scattered LAPSUS$ Hunters listed 39 companies' Salesforce environments, claimed 989.45 million stolen records, set an October 10 deadline, and offered bounties to harass executives. Google and Salesforce notified potentially affected organizations.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]