1 Billion Stolen Records Exposed in Major Data Breach

seniorspectrumnewspaper – A cybercriminal group calling itself Scattered LAPSUS$ Hunters is threatening to release a massive cache of stolen data. The group claims it has obtained over 1 billion records from 39 major companies, including Disney, McDonald’s, Toyota, HBO Max, Adidas, and Walgreens. Unless Salesforce pays a ransom by October 10, the hackers say they will leak the stolen data on the dark web.

The extortion threat is connected to a recent wave of attacks targeting companies that use Salesforce platforms. Earlier this year, Google’s Mandiant team warned about a broad data theft campaign involving breaches in Salesforce-connected environments. One key breach involved Salesloft Drift, an AI chatbot provider that integrates with Salesforce tools.

Last month, the FBI also issued an alert about hackers stealing large volumes of sensitive data in bulk before Salesloft managed to block their access. The group now claiming responsibility appears to be capitalizing on that breach. The name Scattered LAPSUS$ Hunters references several notorious cybercrime groups—Scattered Spider, LAPSUS$, and ShinyHunters—each of which has been linked to major security incidents in the past.

The group has launched a site on the dark web where it posted samples of the stolen data. Cybersecurity researcher Kevin Beaumont has reviewed the samples and stated that they appear authentic. The leaked data reportedly includes full names, email addresses, phone numbers, dates of birth, and physical addresses—highly valuable information for identity theft and fraud.

In response, Salesforce says it is actively investigating the situation with help from external experts and law enforcement. However, the company maintains that its platform was not breached. Instead, the issue appears related to third-party integrations or unrelated incidents affecting its customers.

Salesforce Denies Platform Breach as Hackers Raise Legal Threats

Salesforce addressed the extortion threats by asserting that no evidence shows the hackers compromised its systems. In a public statement, the company linked the attempted extortion to past or unverified incidents. It confirmed that its team continues working with affected clients and security agencies.

The company emphasized that no known vulnerabilities in its core technology were involved. Instead, attackers appear to have relied on social engineering and phishing tactics. These include impersonating IT staff to deceive employees into giving up access credentials. Mandiant’s earlier report highlighted such methods as central to the data theft campaign.

In a surprising move, the hackers threatened to collaborate with legal firms pursuing lawsuits against Salesforce. On their dark web site, they named Berger Montague, a well-known class action law firm, and claimed they would assist in legal actions if Salesforce refused to pay the ransom. The law firm has not issued any comment on the matter.

The hackers further claimed they would report Salesforce to regulators in Europe and US law enforcement. This raises the stakes by hinting at possible data protection violations under laws like the GDPR.

Salesforce urged its customers to stay alert and actively strengthen their defenses against phishing and impersonation attacks. The company continues providing support to affected clients while firmly denying any breach of its internal infrastructure.

As the October 10 deadline nears, tension continues to build. If the parties fail to reach a resolution, the hackers could release the stolen records, potentially triggering regulatory investigations and legal actions across multiple industries.