A hacker group known as Scattered LAPSUS$ Hunters recently made a striking claim. They said they stole nearly a billion records from companies using Salesforce software. This group is known for its ransomware activities against various targets.
The hackers told Reuters that the stolen data included information useful for identity verification. They also took credit for other high-profile attacks. These included breaches at Marks & Spencer, Co-op, and Jaguar Land Rover.
However, Reuters also noted that it could not confirm if these hacker claims were true. Salesforce, for its part, quickly responded. The company stated clearly that it had not been hacked at all.
An individual named Shiny, a member of the hacker group, spoke with Reuters. He explained their methods. Shiny confirmed the group did not directly attack Salesforce itself. Instead, they focused on Salesforce’s customers. They used a tactic called “Vishing,” which is short for Voice Phishing. This trick involves faking employee voices over the phone. The goal is to get information directly from people.
Scattered LAPSUS$ Hunters also posted a list of 40 companies on the dark web. They claimed these firms were victims of their operations. But it is not yet clear if these 40 companies are actually Salesforce clients.