Hacking Group Launches Salesforce Data Breach Site to Extort Victims

Imagine a digital heist of epic proportions: a shadowy alliance of notorious hacking groups, collectively known as Scattered Lapsus$ Hunters, has brazenly plundered Salesforce, making off with a staggering billion records pilfered from the digital vaults of global titans. Now, these cyber-highwaymen have erected a virtual ransom note – a website where they’re dangling the stolen data of victims like Cloudflare, Zscaler, Google, and Workday, demanding payment to prevent the release of their precious secrets.

Threat actors have launched a website to extort Salesforce data breach victims

A digital extortion ring, cobbled together from the notorious Lapsus$, Scattered Spider, and ShinyHunters groups, has unveiled a dark web portal dedicated to weaponizing stolen Salesforce data. Their audacious scheme: pressure breach victims into paying a ransom to prevent the exposure of sensitive information. The chilling roll call on the Scattered Lapsus$ Hunters’ site includes alleged targets like FedEx, Hulu, and Toyota Motors, each now facing the threat of having their dirty laundry aired online.

The Salesforce breach just got real. Tech giants like Google and financial powerhouses such as Allianz Life are among the confirmed victims, their sensitive data now in the hands of hackers. Luxury brand Kering, airline Qantas, automotive conglomerate Stellantis, data giant TransUnion, and software provider Workday are also compromised. The burning question: Did these corporations pay a ransom to keep their dirty laundry from airing online? The silence is deafening.

"Worried about your data ending up on the front page? Reclaim command over your data governance now. We offer discreet and rigorously verified communication channels to ensure your sensitive information stays exactly where it belongs – safe and secure. Don’t become tomorrow’s cautionary tale."

Salesforce data breach site

Salesforce says its platform remains uncompromised

Salesforce users, not Salesforce itself, were the soft spot in a recent data breach. Forget platform vulnerabilities; cunning social engineering tactics are to blame, according to the tech giant. While Salesforce remains tight-lipped about ransom negotiations, one thing is clear: this wasn’t a tech glitch; it was a human hack.

A silent backdoor swung open via a compromised third-party application: Salesloft’s Drift integration. Attackers didn’t just knock; they slipped in, snatching OAuth and refresh tokens. With these API keys pilfered, they turned their attention to users of the customized application, transforming authorized access into a weapon.

A chilling list of 39 companies now sits exposed on a hacker’s website, victims ensnared in a data breach’s web. The hackers have issued an ultimatum: contact them by October 10th or face the public unveiling of your stolen secrets. The clock is ticking for these targeted organizations.

Thanks for reading Hacking Group Launches Salesforce Data Breach Site to Extort Victims

Tags
Inmom
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.