A notorious predominantly English-speaking hacking group has launched a website to extort its victims, threatening to release about a billion records stolen from companies who store their customers’ data in cloud databases hosted by Salesforce.
The loosely organized group, which has been known as Lapsus$, Scattered Spider and ShinyHunters, has published a dedicated data leak site on the dark web, called Scattered LAPSUS$ Hunters.
The website, first spotted by threat intelligence researchers on Friday and seen by TechCrunch, aims to pressure victims into paying the hackers to avoid having their stolen data published online.
“Contact us to regain control on data governance and prevent public disclosure of your data,” reads the site. “Do not be the next headline. All communications require strict verification and will be handled with discretion.”
Over the past few weeks, the ShinyHunters gang allegedly hacked dozens of high-profile companies by breaking into their cloud-based databases hosted by Salesforce.
Insurance giant Allianz Life, Google, fashion conglomerate Kering, the airline Qantas, carmaking giant Stellantis, credit bureau TransUnion, and the employee management platform Workday, among several others, have confirmed their data was stolen in these mass hacks.
The hackers’ leak site lists several alleged victims, including FedEx, Hulu (owned by Disney), and Toyota Motors, none of which responded to a request for comment on Friday.
It’s not clear if the companies known to have been hacked but not listed on the hacking group’s leak site have paid a ransom to the hackers to prevent their data from being published. A representative from ShinyHunters did not immediately respond to a message from TechCrunch.
At the top of the site, the hackers mention Salesforce and demand that the company negotiate a ransom, threatening that otherwise “all your customers [sic] data will be leaked.” The tone of the message suggests that Salesforce has not yet engaged with the hackers.
A spokesperson for Salesforce did not respond to TechCrunch’s outreach or questions about the breach.
For weeks, security researchers have speculated that the group, which has historically eschewed a public presence online, was planning to publish a data leak website to extort its victims.
Historically, such websites have been associated with foreign, often Russian-speaking, ransomware gangs. In the past few years, these organized cybercrime groups have evolved from stealing, encrypting their victim’s data and then privately asking for a ransom, to simply threatening to publish the stolen data online unless they get paid.














