A group of Salesforce hackers is demanding ransom while threatening to leak data from more than 700 companies. The attackers claim they accessed sensitive information through Salesforce-linked tools, putting global businesses at risk.
What Happened
The syndicate, calling itself Scattered LAPSUS$ Hunters, posted a ransom demand on the dark web. They warned Salesforce to negotiate or face mass data leaks.
The hackers listed high-profile companies, including Google, Adidas, Disney, Toyota, and FedEx. The threat quickly raised concerns across industries that depend on Salesforce.
Salesforce stated it found no evidence that attackers compromised its core systems. The company linked the threat to past or unverified incidents.
Attack Method
Investigators believe the Salesforce hackers exploited third-party integrations. Reports suggest they targeted Salesloft’s Drift tool by breaching a GitHub account.
Through this entry point, the attackers may have gained access via OAuth tokens or other linked integrations. This approach bypasses direct attacks on Salesforce itself, showing how dependent platforms are on partner security.
Why It Matters
The incident highlights critical risks:
- Scale of impact — hundreds of companies could be exposed, not just Salesforce itself.
- Weak third parties — hackers bypassed primary defenses by exploiting an integration.
- Data extortion trend — instead of encrypting systems, criminals now threaten public leaks.
- Trust issues — customers may question Salesforce’s ability to secure connected tools.
Conclusion
The Salesforce hackers have shown how vulnerable cloud ecosystems become when third-party integrations are not secured. The ransom demand signals a shift in tactics, focusing on fear and exposure rather than encryption.
For Salesforce and its customers, the lesson is clear: secure every connection. Stronger integration vetting, access controls, and coordinated breach responses are essential. Without them, threats like this will continue to escalate across the enterprise cloud landscape.
0 responses to “Salesforce Hackers Demand Ransom, Threaten Massive Data Leaks”