Is your organization utilizing Salesforce? A group of hackers might have compromised your information, or at the very least, they want you to think so.
On Friday, cyber security experts discovered a dark web site trying to blackmail victims of a significant Salesforce data breach. According to TechCrunch, the attackers assert that they have acquired approximately one billion customer records from firms using Salesforce in recent weeks.
The information encompasses records of each firm’s clientele, stored in cloud databases overseen by Salesforce, renowned for its cloud-based enterprise solutions.
The hackers’ site enumerates several businesses they allege were impacted by this breach, including FedEx, Toyota, and Disney Hulu. Some companies, such as Google and TransUnion, have verified that their data was recently compromised in a Salesforce breach, yet they do not appear on the ransom site for reasons that remain unclear.
The individuals behind the site have gone by names such as Scattered Spider, ShinyHunters, and Lapsus$. The dark web site that is disclosing the leak is referred to as Scattered LAPSUS$ Hunters.
Mashable has reported on this hacker collective in the past. They have taken responsibility for several high-profile intrusions, including the Ticketmaster breach and the AT&T data leak. Their targets vary from major airlines to the developers of Grand Theft Auto.
“Reach out to us to regain control over data management and avert public exposure of your information,” the hackers’ dark web site proclaims, according to TechCrunch. “Do not become the next news story. All communications require strict validation and will be managed with confidentiality.”
The hacker collective appears to be attempting to extort Salesforce directly, threatening to unveil customer data unless Salesforce makes a ransom payment.
In response, Salesforce released a security advisory titled “Ongoing Response to Social Engineering Threats”:
We are informed about recent extortion efforts by threat actors, which we have examined with external specialists and official organizations. Our investigations suggest that these efforts are linked to previous or unverified occurrences, and