Particle.news

Download on the App Store

Hackers Launch 'Scattered LAPSUS$ Hunters' Leak Site Claiming 1 Billion Salesforce-Hosted Records

The coalition opened a dark-web site setting an October 10 deadline to pressure companies to pay.

Overview

  • The new site lists 39 alleged victims and publishes data samples, warning that full datasets will be released after October 10 unless contacted.
  • Operators claim possession of roughly one billion records stored in Salesforce-hosted databases and separately urge Salesforce to negotiate to avert wider disclosure.
  • Salesforce says its probe found no indication of a platform compromise or new vulnerability and describes the extortion as tied to past or unsubstantiated incidents.
  • Security researchers report the breaches leveraged voice phishing and malicious OAuth app approvals that enabled large-scale extraction of Salesforce CRM data.
  • Allianz Life, Google, Kering, Qantas, Stellantis, TransUnion, and Workday have confirmed data thefts, while brands named on the site such as FedEx, Hulu, and Toyota have not publicly confirmed.