Salesforce says social engineering to blame for breaches leading to ransom demands | MarTech

Salesforce says social engineering to blame for breaches leading to ransom demands | MarTech

Briefly

"Hackers claiming to have accessed and stolen nearly 1 billion Salesforce records set up a site on the dark web late last week, demanding a ransom from 39 companies and Salesforce itself before releasing the records. The hackers gave a deadline of Oct. 10. 2025. The hackers, who go by the moniker Shiny Hunters and published the list on a site they call Scattered Lapsus$ Hunters, published what they claimed were samples of stolen data from brands like Adidas, Cisco, FedEx, Disney and more."

"For its part, Salesforce states that the data loss did not originate from a compromise of the Salesforce platform, but rather from social engineering attacks targeting Salesforce users. The "past or unsubstantiated incidents" refer to an ongoing series of social engineering and third-party app attacks reported over the past several months. In June 2025, Google Threat Intelligence reported on voice phishing attacks (i.e., phone calls from hackers) by members of the Shiny Hunters, who tricked people into installing malicious OAuth applications."

"By September 2025, the problem of unauthorized access to Salesforce data was bad enough that 14 companies sued Salesforce over the issue. Last week's ransom demand appears to be something of a culmination of these efforts to obtain Salesforce records and demand a ransom. Across online platforms like LinkedIn and Reddit, observers say, social engineering or not, Salesforce is not unaccountable for these incidents."