Overview
- The Tor-hosted site lists 39 organizations and threatens to publish their Salesforce-linked data unless the CRM provider or listed companies pay.
- Salesforce says it has found no evidence its platform was compromised and describes the extortion claims as tied to past or unsubstantiated incidents.
- Leaked samples reviewed by researchers contain extensive personal data, with some entries including passport numbers and Social Security numbers.
- Analysts attribute access to vishing and abused third-party integrations involving OAuth tokens such as Salesloft/Drift, and the FBI has issued notifications to help detection.
- The group is escalating pressure with legal-threat rhetoric against Salesforce and a crowdsourced harassment offer of $10 in Bitcoin to target executives.