Hackers claim theft of 1 billion Salesforce records in UK retail attacks: Report

A group of hackers has reportedly claimed responsibility for the theft of close to one billion records from Salesforce, a leading U.S. cloud technology company, amidst a series of ransomware attacks aimed at British retailers. The group, known as Scattered LAPSUS$ Hunters, disclosed to Reuters that they accessed extensive personal data by targeting organizations that utilize Salesforce software. This hacking collective is believed to be an offshoot of the infamous LAPSUS$ cybercrime network. They have stated their involvement in recent security breaches affecting prominent retailers such as Marks & Spencer, the Co-op, and Jaguar Land Rover earlier this year. Google’s Threat Intelligence Group has classified this group as UNC6040, previously warning of their use of sophisticated social-engineering techniques. Salesforce has firmly denied any breach of its systems. One hacker, who goes by the name “Shiny,” revealed that the operation employed vishing—voice phishing calls directed at IT help desks to manipulate employees of Salesforce clients. Reports indicate that in some instances, attackers successfully convinced staff to download a compromised version of Salesforce’s Data Loader tool, which enabled them to extract large volumes of data. On Friday, Scattered LAPSUS$ Hunters unveiled a dark web site listing approximately 40 organizations they claimed to have infiltrated. However, the authenticity of the alleged billion-record theft is still unverified, and it remains uncertain if all listed companies are indeed clients of Salesforce. A Salesforce representative asserted that there is “no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.” The company has not confirmed whether ransom negotiations have occurred. According to researchers from Google, the group’s operational infrastructure aligns with “The Com,” a loosely affiliated network of cybercriminals known for engaging in both data theft and violent activities. Earlier this year, British authorities arrested four individuals under the age of 21 as part of their investigation into the retail cyberattacks, although law enforcement has not confirmed any connection to the latest allegations.