Hacker Group Claims Theft of Nearly 1 Billion Salesforce Records

A significant data breach involving Salesforce has reportedly compromised nearly 1 billion records, according to claims by a hacker group.

The group, which has operated under aliases such as ShinyHunters and Scattered Spider, asserts that it has stolen sensitive customer information from numerous companies utilising Salesforce's cloud-based CRM platform.

The stolen data includes business contact details, customer support cases, and product information. Notably, the group has established a dark web leak site named "Scattered LAPSUS$ Hunters" to publish the stolen records unless a ransom is paid. Among the alleged victims are prominent firms like Toyota, FedEx, Hulu, and Allianz Life.

Salesforce has responded by emphasising that its core platform has not been compromised. The breaches occurred due to unauthorised access to customer accounts, often facilitated by social engineering tactics.

The company urges its clients to adopt stringent security measures, including enabling multi-factor authentication (MFA), enforcing the principle of least privilege, and carefully managing connected applications.

This incident highlights the growing threat of cyberattacks targeting cloud-based platforms and underscores the critical importance of robust cybersecurity practices to protect sensitive business data.

Salesforce has not responded to The Left Shift's request for comment till the time of publication.