Hackers Extorting Salesforce After Stealing Data From Dozens of Customers

Hackers Extorting Salesforce After Stealing Data From Dozens of Customers

Briefly

"Calling themselves Scattered LAPSUS$ Hunters, the miscreants appear to be members of the notorious Lapsus$, Scattered Spider, and ShinyHunters groups. Lapsus$ has been inactive since 2022, when Scattered Spider emerged. ShinyHunters first appeared in 2020 and joined forces with Scattered Spider earlier this year. They jointly announced their retirement last month. The hackers, who claim the theft of a total of roughly 1 billion records from the affected organizations' Salesforce instances, told DataBreaches that other businesses have been hit as well,"

"On a new Tor-based leak site, Scattered LAPSUS$ Hunters has listed 39 organizations targeted in their recent Salesforce campaign, claiming the theft of their data from Salesforce instances and threatening to leak it unless the CRM provider pays a ransom. The list includes known brands such as Adidas, Air France/KLM, Allianz Life, Cisco, Dior, Disney, FedEx, Google, Home Depot, Kering, Louis Vuitton, Qantas, Stellantis, Toyota, TransUnion, UPS, and Workday."

"In a notice on its website, Salesforce said it had no indication that its platform might have been hacked, and that the group's claims do not appear related to vulnerabilities in its platform. "We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities. Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support," Salesforce said."