• Hello and welcome! Register to enjoy full access and benefits:

    • Advertise in the Marketplace section for free.
    • Get more visibility with a signature link.
    • Company/website listings.
    • Ask & answer queries.
    • Much more...

    Register here or log in if you're already a member.

  • 🎉 WHV has crossed 17,000 monthly views and 220,000 clicks per month, as per Google Analytics! Thank you for your support! 🎉

Salesforce Data Breach: ShinyHunters Leak Site Threatens 39 Companies

johny899

New Member
Content Writer
Messages
507
Reaction score
3
Points
23
Balance
$586.0USD
The hacker group ShinyHunters has launched a new website to leak stolen information, using it to blackmail 39 organizations that were attacked recently in Salesforce. They even gave themselves a new brand: "Scattered Lapsus$ Hunters." On their website, they have already posted sample data and told companies to pay or else "we will leak everything if no payment is received by October 10."

Big Companies Targeted​

This is not about small businesses. The victims they are targeting comprise massive companies that we all know:

  • Google, FedEx, Disney/Hulu, Cisco, Toyota, Marriott
  • Home Depot, Gap, McDonald’s, Walgreens, Instacart
  • Adidas, Cartier, Chanel, IKEA, Air France, UPS
A serious list of brand names.

What Hackers Want​

These hackers are not only pressuring their 39 companies, they also have Salesforce in their sights and are outlining the following demands:

  • Salesforce must pay, or they’ll release 1 billion records they stole from multiple companies.
  • If Salesforce pays, they won’t continue to go after its customers.
  • If Salesforce does not pay, the hackers will release all the data they stole, as well as provide assistance to outside lawyers in their lawsuits against Salesforce for violating their privacy policy.
That is a serious threat.

How the Attack Worked​

So, how does ShinyHunters break in? They used a tactic called voice phishing, and by doing so, they called employees and tricked them into connecting sham apps with their Salesforce account.

The hackers were able to gain access to:

  • Customer and employee records
  • Company databases
  • Passwords, AWS keys, and Snowflake tokens
One employee's minor mistake allowed hackers to steal an excessive amount of confidential information.

Why Does This Matter​

This attack shows a larger idea: even the biggest organizations can come to a halt if only one staff member clicks something incorrect. Hackers are not simply stealing data, they are also pressuring companies for ransom and threats.

Now, if your company uses Salesforce (and many companies do), you are probably thinking: “Could this happen to us?” The answer is yes - unless everyone is super cautious!

Final Thoughts​

ShinyHunters are currently running a website where they plan to leak the stolen Salesforce data. They are forcing 39 companies to pay. Salesforce is now under extreme pressure.

If I worked at one of those companies, I would ensure everyone is educated on the importance of not trusting random phone calls or links because it only take the click of one thing to get written up in the news.
 
You must log in or register to reply here.
Menu
Log in
Register