EddieJayonCrypto
7 Oct 25
A hacking group claims to have stolen 1 billion records from Salesforce users via social engineering and modified tools, sparking alarms about corporate security vulnerabilities and data privacy risks.
**Cybercriminals Linked to LAPSUS$ Group Claim to Steal 1 Billion Records from Salesforce Users**

A hacking group calling itself *Scattered LAPSUS$ Hunters* has alleged it stole nearly 1 billion records from companies using Salesforce, exposing vast amounts of personally identifiable information (PII). The group, which claims ties to the notorious *LAPSUS$* hacking collective, denied directly breaching Salesforce’s internal systems, instead targeting clients through sophisticated social engineering and modified tools.

According to a message to Reuters, the attackers used *vishing* (voice phishing) techniques to impersonate employees or technical staff, tricking helpdesk workers into granting access to Salesforce environments. They also deployed altered versions of Salesforce’s *Data Loader* tool—a legitimate data migration utility—to siphon sensitive data from compromised client systems.

Salesforce has responded by stating there is “no indication the Salesforce platform has been compromised” and that the hackers’ claims “do not appear tied to any known vulnerability in our technology.” The company emphasized it is collaborating with affected customers to provide support and investigate the extortion attempts.

The group published a dark-web leak site listing approximately 40 companies they claim to have breached. However, it remains unclear whether all the listed entities are actual Salesforce users. Law enforcement in the U.K. previously arrested four individuals under 21 in connection with earlier attacks on British retailers, and cybersecurity researchers suggest this operation may be part of a broader criminal network known as *“The Com.”*

Google’s cybersecurity team has raised alarms about a surge in ransomware and data theft extortion targeting U.S. businesses, mirroring challenges faced by UK companies. In a recent blog post, Google’s analysts highlighted the activities of a group known as *UNC3944*, which has shifted from ransomware to data extortion since early 2023. The group has targeted sectors such as financial services and food services, with some attacks seemingly aimed at gaining media attention and prestige. John Hultquist, a cybersecurity analyst at Google, warned that U.S. retailers are now facing similar threats, underscoring the growing sophistication of cybercriminal operations.

As businesses grapple with these evolving tactics, the incident serves as a stark reminder of the need for heightened vigilance against social engineering and third-party vulnerabilities. The situation highlights the complex interplay between hacking groups, corporate security measures, and law enforcement efforts to combat digital crime. With the lines between direct platform breaches and client-side exploits blurring, organizations must remain proactive in safeguarding their data and responding to emerging threats.