Close Menu
    AI Ethics & Regulation

    Scattered LAPSUS$ Hunters Declare Salesforce Breach, 1B Data, 39 Corporations Listed

    Declan MurphyBy No Comments4 Mins Read
    Scattered LAPSUS$ Hunters Declare Salesforce Breach, 1B Data, 39 Corporations Listed


    A brand new leak website has gone dwell, operated by the infamous group calling itself “Scattered Lapsus$ Hunters,” (a coalition that mixes the techniques and branding of Scattered Spider, Lapsu$, and ShinyHunters) and it carries a daring declare that Salesforce, one of many largest SaaS and CRM suppliers on the planet, has been breached and shut to at least one billion data (989 million data) are up on the market.

    The leak website launched by Scattered LAPSUS$ Hunters (Picture credit score: Hackread.com)

    The group says the assault passed off in mid-2024 and that the stolen knowledge quantities to a number of terabytes. In messages posted to their website, they allege the information contains extremely delicate private info similar to Social Safety numbers, driver’s licenses, and dates of start. They’re now demanding that Salesforce negotiate earlier than an October 10, 2025, deadline, warning that failure to take action will end result within the launch of the complete cache.

    Moreover, the hackers are additionally inviting legislation corporations to cooperate with them, even naming Berger Montague as a associate they might share proof with. The hackers are presenting this much less like a risk and extra like a suggestion. In addition they declare they may present detailed documentation to courts and regulators in america and Europe, alleging Salesforce acted with “legal negligence” by failing to dam repeated intrusions.

    The record of firms named as victims on the leak website is very large. The group has listed 39 organizations whose knowledge they are saying was taken from Salesforce-hosted methods. The record contains:

    Scattered LAPSUS$ Hunters Claim Salesforce Breach, 1B Records, 39 Firms Listed
    (Picture credit score: Hackread.com)
    1. KFC – 1.3GB
    2. ASICS – 9GB
    3. UPS – 91.34GB
    4. IKEA – 13GB
    5. GAP, INC. – 1GB
    6. Petco – 9.9GB
    7. Cisco – 5.6GB
    8. McDonald’s – 28GB
    9. Cartier – 1.4GB
    10. Adidas – 37GB
    11. Fujifilm – 155MB
    12. Instacart – 32GB
    13. Marriott – 7GB
    14. Walgreens – 11GB
    15. Pandoranet – 8.3GB
    16. Chanel – 2GB
    17. CarMax – 1.7GB
    18. Disney/Hulu – 36GB
    19. TransUnion – 22GB
    20. Aeroméxico – 172.95GB
    21. Toyota Motor Firms – 64GB
    22. Stellantis – 59GB
    23. Republic Providers – 42GB
    24. TripleA (aaacom) – 23GB
    25. Saks Fifth – 1.1GB
    26. Albertsons (Jewel Osco, and so forth) – 2GB
    27. Engie Sources (Plymouth) – 3GB
    28. 1-800Accountant – 18GB
    29. HMH (hmhcocom) – 88GB
    30. Instructurecom – Canvas – 35GB
    31. Google Adsense – 19GB
    32. HBO Max – 3.2GB
    33. FedEx – 1.1TB
    34. Qantas Airways – 153GB
    35. Vietnam Airways – 63.62GB
    36. Air France & KLM – 51GB
    37. House Depot – 19.43GB
    38. Kering (Gucci, Balenciaga, Brioni, AlexMcQ) – 10GB

    Hackers Accuse Salesforce of Failure

    The hackers accuse Salesforce of failing to implement multi-factor authentication and say they efficiently focused greater than 100 further unnamed cases by OAuth utility weaknesses. In addition they level to earlier warnings, claiming they emailed Salesforce in July 2025 from an handle linked to the operation and obtained no significant response.

    The hackers current their message as half ransom demand, half technical briefing. They level out that their assaults ran for a yr, left clear traces, and argue Salesforce had sufficient time to identify and cease them

    In addition they cite GDPR, CCPA, and HIPAA obligations, arguing that knowledge safety duties had been ignored. To again this up, they promise to launch forensic-style paperwork with assault fingerprints, affected populations damaged down by nation, and particulars in regards to the varieties of data uncovered.

    The attackers present a tuta.io primarily based contact handle and require any communication to incorporate a strict verification format within the topic line. They are saying verified representatives will then be forwarded to a dwell channel the place negotiations can happen.

    Salesforce Apparently Is aware of

    The hackers have additionally circulated a screenshot on their Telegram channel that seems to indicate a Salesforce safety advisory acknowledging ongoing extortion makes an attempt. Within the message, Salesforce refers to social engineering threats, states that there isn’t a proof its platform was compromised, and reassures prospects that its groups are monitoring the scenario.

    Scattered LAPSUS$ Hunters Claim Salesforce Breach, 1B Records, 39 Firms Listed
    Screenshot shared by the hackers displaying Salesforce advisory (Picture credit score: Hackread.com)

    Because the picture can’t be independently verified, it’s unclear whether or not this advisory is genuine or fabricated as a part of the attackers’ marketing campaign. Nonetheless, the group’s website maintains the deadline of October 10, 2025, with the standing listed as “Energetic.” And, with the location dwell, the group now has a public device to extend strain on the corporate because the deadline approaches.



    Share.

    Related Posts