Salesforce says social engineering to blame for breaches leading to ransom demands | MarTech
Briefly

"Hackers claiming to have accessed and stolen nearly 1 billion Salesforce records set up a site on the dark web late last week, demanding a ransom from 39 companies and Salesforce itself before releasing the records. The hackers gave a deadline of Oct. 10, 2025. The hackers, who go by the moniker Shiny Hunters and published the list on a site they call Scattered Lapsus$ Hunters, published what they claimed were samples of stolen data from brands like Adidas, Cisco, FedEx, Disney and more."
"For its part, Salesforce states that the data loss did not originate from a compromise of the Salesforce platform, but rather from social engineering attacks targeting Salesforce users. The "past or unsubstantiated incidents" refer to an ongoing series of social engineering and third-party app attacks reported over the past several months. In June 2025, Google Threat Intelligence reported on voice phishing attacks (i.e., phone calls from hackers) by members of the Shiny Hunters, who tricked people into installing malicious OAuth applications."
"By September 2025, the problem of unauthorized access to Salesforce data was bad enough that 14 companies sued Salesforce over the issue. Last week's ransom demand appears to be something of a culmination of these efforts to obtain Salesforce records and demand a ransom. Across online platforms like LinkedIn and Reddit, observers say, social engineering or not, Salesforce is not unaccountable for these incidents."
Nearly 1 billion Salesforce records were allegedly accessed and posted to a dark-web site where hackers demanded ransom from 39 companies and Salesforce, setting an Oct. 10, 2025 deadline. The group Shiny Hunters posted samples claiming data from brands including Adidas, Cisco, FedEx and Disney. Salesforce says the data loss resulted from social engineering targeting users, not a platform compromise. The incidents follow months of voice-phishing and malicious OAuth app installs, and an exploited Salesloft Drift–Salesforce integration. By September 2025, 14 companies sued Salesforce, and observers on LinkedIn and Reddit hold Salesforce partly accountable.
Read at MarTech