A wide-scale cybersecurity scare has hit global enterprises after a notorious English-speaking hacking group claimed to have breached cloud databases hosted by Salesforce, threatening to leak approximately one billion records unless a ransom is paid. The hackers, operating under aliases such as Lapsus$, Scattered Spider, and ShinyHunters, have unveiled a new data leak site on the dark web Scattered LAPSUS$ Hunters offering evidence of their alleged exploits and intensifying pressure on their victims.
In recent weeks, the group claims to have accessed databases of dozens of high-profile companies that rely on Salesforce’s cloud for storing sensitive customer information. Affected organizations that have confirmed data loss to date include Allianz Life, Google, the fashion conglomerate Kering, airline Qantas, carmaker Stellantis, credit bureau TransUnion, and HR platform Workday. The hackers’ leak site also publicly lists other major firms such as FedEx, Hulu, and Toyota, though these companies have not responded to media requests for comment, leaving the complete scope of exposure unclear.
Despite direct threats demanding negotiations with Salesforce, the CRM giant has asserted through public statements that there is currently “no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.” Instead, company spokespeople emphasize that these incidents appear linked to specific customer accounts and not to systemic platform flaws. Salesforce says it remains in touch with impacted clients and is offering support, but has provided no indication that it is negotiating with the hackers or acceding to any ransom demands
Cybersecurity experts and threat intelligence researchers have tracked the hacking group’s evolving tactics ranging from direct cyberattacks to social engineering schemes often targeting help desks and employees with sophisticated phishing and vishing approaches. Their new extortion site is designed to apply maximum pressure by threatening public exposure, with messages such as “Do not be the next headline,” and a mechanism for affected entities to discreetly contact the attackers and, presumably, negotiate the fate of their data
Fact-checking reveals that confirmations of data breaches have only come from a handful of firms, but the criminals claim a much wider list of affected companies. At this stage, public sector investigators and Salesforce’s own security reviews have found no evidence of a platform-wide breach or software vulnerability. However, the rapid proliferation of customer-targeted attacks has brought renewed calls for stronger authentication and employee awareness at organizations managing sensitive client data in cloud environments.[
If ransom demands remain unmet, the threat actors claim that massive troves of sensitive information could be released, raising the stakes for both Salesforce’s reputation and data security in the enterprise software sector. As the situation evolves, affected firms are urged to monitor for signs of fraud, enhance their internal defenses, and remain vigilant against follow-on cyber threats targeting leaked data.
Also Read: WhiteHat Jr Marketing Gone Wrong: What Startups Can Learn from Its Failure?
