On October 3, 2025, Hackread.com revealed an in-depth report wherein hackers claimed to have stolen 989 million data from 39 main firms worldwide by exploiting a Salesforce vulnerability. The group demanded that Salesforce and the affected corporations enter negotiations earlier than October 10, 2025, warning that if their calls for had been ignored, they’d launch the whole dataset.
The hackers, figuring out themselves as “Scattered Lapsus$ Hunters,” a collective stated to mix components of Scattered Spider, Lapsus$, and ShinyHunters, have now revealed information allegedly belonging to six of the 39 focused firms.
The businesses named within the leak are as follows:
- Fujifilm
- GAP, INC.
- Vietnam Airways
- Engie Assets
- Qantas Airways Restricted
- Albertsons Firms, Inc.
What’s In The Knowledge
Whereas the impacted firms are the one ones who can confirm the breach, Hackread.com has carried out an in-depth evaluation of the leaked information, and it seems to be respectable. In all 6 leaks, the document accommodates private particulars of shoppers, enterprise, together with electronic mail addresses, full names, addresses, passport numbers, cellphone numbers,
Qantas Airways Restricted
The dataset leaked from Qantas Airways Restricted is substantial in measurement, weighing in at 153 GB. The recordsdata are in JSON format and include over 5 million data. The info was revealed on October 10, 2025, and marked as public by the risk actors.
This dataset combines personally identifiable info (PII) with buyer loyalty and inside enterprise information, making it a critical publicity if genuine. Right here’s what the leaked information accommodates:
- Gender
- Nation
- Full identify
- Date of delivery
- Factors steadiness
- Foreign money used (AUD)
- Frequent flyer quantity
- Frequent flyer be a part of and anniversary dates
- Title or salutation (for instance, Mrs, Mr)
- Frequent flyer tier and standing credit
- Cellphone numbers (most important, alternate, house, enterprise, cellular)
- E-mail addresses (main, alternate, enterprise, house)
- Account creation and modification timestamps
- Mailing tackle particulars (metropolis, postal code, latitude, longitude, and so forth.)
- Account or buyer ID numbers (inside Salesforce and Qantas IDs)
- Profile preferences (for instance, meal, seat, advertising and marketing preferences, newsletters)
- Membership and loyalty particulars (bronze tier, expiry, standing credit until subsequent degree)
- Inner CRM fields (OwnerId, RecordTypeId, CreatedBy, and so forth.)
- Hyperlinks to inside experiences and templates (for instance, “QCC Frequent Flyer Report”, “QCC Lounges Report”)
- Buyer notes and remarks fields
- Geolocation information (latitude and longitude of mailing tackle)
- Exercise and make contact with monitoring metadata (final modified, final seen, and so forth.)
- Inner flags and standing indicators (HasOptedOutOfEmail, DoNotCall, Lively, Sensitive_Contact, and so forth.)
In its safety advisory revealed on 12 October 2025, the corporate confirmed that information from 5.7 million of its prospects was revealed on-line following a serious cyberattack. It’s price noting that in July 2025, the corporate had additionally confirmed a serious information breach linked to a third-party vendor, however didn’t disclose its identify on the time.
Vietnam Airways
Vietnam Airways’ dataset is 63.62 GB, additionally in JSON format, with greater than 23 million data. Just like the others, it was made public on October 10, 2025. The discharge, if genuine, represents one of many bigger leaks attributed to this spherical of breaches.
These document contains each personally identifiable info (PII) and company account information, together with inside airline CRM fields and loyalty program identifiers such because the frequent flyer quantity. Here’s a record of the sorts of information contained within the Vietnam Airways document:
- Age
- Gender
- Full identify
- Cellphone quantity
- Foreign money used
- E-mail tackle
- Frequent flyer quantity
- Date of delivery and 12 months of delivery
- Proprietor and system metadata
- Inner account and make contact with IDs
- Enterprise or cargo-related fields
- Account sort and document classification
- Company or enterprise function info
- Company and tax info fields
- Firm-related electronic mail and cellphone fields
- Final journey and travel-related monitoring fields
- Nation and metropolis fields (although some are clean)
- Residential tackle (road and partial location particulars)
Albertsons Firms, Inc.
The leak related to Albertsons Firms, Inc. is comparatively smaller, totalling 2 GB of JSON recordsdata. In line with the itemizing, it accommodates over 672,000 data. The info was revealed on October 10, 2025, and labelled as public.
GAP, INC.
The dataset tied to GAP, INC. is 1 GB in measurement, formatted in JSON, and reportedly holds greater than 224,000 data. The knowledge was uploaded on October 10, 2025, with a public standing tag, suggesting it’s accessible to anybody by way of the leak portal.
Fujifilm
The Fujifilm information leak seems smaller as compared, listed at 155 MB and in CSV format. Regardless of its smaller measurement, the dataset nonetheless allegedly contains round 224,000 data. It too was made public on October 10, 2025.
Engie Assets
The dataset from Engie Assets measures 3 GB and is formatted as JSON recordsdata. It’s stated to incorporate greater than 537,000 data, revealed publicly on October 10, 2025.
Whole Variety of Firms Impacted within the Breach
The total record of 39 firms recognized as victims within the alleged Salesforce information breach:
- KFC – 1.3GB
- ASICS – 9GB
- UPS – 91.34GB
- IKEA – 13GB
- GAP, INC. – 1GB
- Petco – 9.9GB
- Cisco – 5.6GB
- McDonald’s – 28GB
- Cartier – 1.4GB
- Adidas – 37GB
- Fujifilm – 155MB
- Instacart – 32GB
- Marriott – 7GB
- Walgreens – 11GB
- Pandoranet – 8.3GB
- Chanel – 2GB
- CarMax – 1.7GB
- Disney/Hulu – 36GB
- TransUnion – 22GB
- Aeroméxico – 172.95GB
- Toyota Motor Company – 64GB
- Stellantis – 59GB
- Republic Companies – 42GB
- TripleA (aaacom) – 23GB
- Saks Fifth – 1.1GB
- Albertsons (Jewel Osco, and so forth) – 2GB
- Engie Assets (Plymouth) – 3GB
- 1-800Accountant – 18GB
- HMH (hmhcocom) – 88GB
- Instructurecom – Canvas – 35GB
- Google Adsense – 19GB
- HBO Max – 3.2GB
- FedEx – 1.1TB
- Qantas Airways – 153GB
- Vietnam Airways – 63.62GB
- Air France & KLM – 51GB
- Residence Depot – 19.43GB
- Kering (Gucci, Balenciaga, Brioni, AlexMcQ) – 10GB
What’s Subsequent?
Whereas extra information was initially anticipated, the hackers introduced on Telegram that they won’t be releasing any extra info, stating, “Lots of people are asking what else can be leaked. Nothing else can be leaked. The whole lot that was leaked was leaked, we’ve nothing else to leak, and clearly, the issues we’ve can’t be leaked for apparent causes.” This assertion leaves the way forward for the remaining information unsure.
Nevertheless, what has already been leaked is damaging sufficient. If verified, the discharge of those databases might have critical penalties throughout a number of industries. Airways, retailers, and power firms retailer giant volumes of delicate buyer and enterprise info, together with private particulars, contact information, and inside data.
The publicity of such information places affected people liable to identification theft and fraud, whereas additionally creating potential reputational and monetary harm for the businesses concerned. Since these leaks are linked to earlier claims a couple of Salesforce vulnerability, the incident additionally raises questions in regards to the safety practices of third-party platforms that handle and retailer such intensive information.
