The group ‘Scattered LAPSUS$ Hunters’ says it will dump a trove of information allegedly stolen from Salesforce customers unless the company pays up by Oct. 10.
Don’t miss out on our latest stories. Add PCMag as a preferred source on Google.
A wave of data thefts in recent months has culminated in a group of hackers threatening to leak 1 billion stolen records from 39 companies, including Disney, McDonald’s, and Toyota.
The Scattered LAPSUS$ Hunters group today published a site on the dark web, pressuring the victim companies to pay up by Oct. 10 or else the stolen data will be leaked
The extortion claim appears to be connected to a series of hacks targeting Salesforce customers. This summer, Google’s Mandiant team raised alarm bells about a “widespread data theft campaign” targeting customer environments with Salesforce. The hackers breached AI chat agent provider Salesloft Drift, which can be integrated with Salesforce software.
Last month, the FBI issued its own alert, warning that hackers had been looting “large volumes of data in bulk” before Salesloft was able to shut down the access. It now appears that the culprits responsible are attempting to capitalize on the situation. The group’s name refers to three infamous cybercrime gangs—Scattered Spider, LAPSUS, and Shiny Hunters—each responsible for a string of breaches in recent years.
