.png){kind=logo}
A cybercriminal group calling itself ‘Scattered LAPSUS$ Hunters’ has claimed to hold nearly 1 billion records stolen from Salesforce customer databases. The group is demanding ransom and threatening to release sensitive information from 39 major companies. These include giants like Google, Toyota, FedEx, Disney, and Home Depot.
The group warned that Salesforce data will be leaked unless payments are made by October 10, 2025. The coalition reportedly includes members from ShinyHunters, Scattered Spider, and LAPSUS$.
The alleged breach affects companies from multiple sectors, including retail, hospitality, and luxury brands. Hackers claim to have accessed personally identifiable information like names, addresses, dates of birth, Social Security numbers, and business contact details. Reported victims include Walgreens, McDonald’s, KFC, IKEA, Marriott, Chanel, Cartier, and subsidiaries of Kering, highlighting the scale of the threat.
Many organizations have already acknowledged Salesforce data breaches this year. Allianz Life reported that 1.4 million customer records were compromised, while credit bureau TransUnion disclosed that 4.4 million records were exposed. Google confirmed that hackers accessed contact information related to small and medium-sized enterprises, including Salesforce. The scale of these breaches raises concerns about data security on cloud platforms.
The group is pressuring Salesforce to negotiate a single master ransom covering all affected customers. They have threatened to submit alleged evidence of negligence to regulatory authorities and law firms if the company fails to comply with their demands. This approach reflects a growing trend of organized cybercriminals targeting cloud service providers to maximize financial gain from multiple corporate victims.
Salesforce maintains that its core platform remains secure, stating that attacks targeted individual customers through social engineering. Hackers exploited compromised authentication tokens from third-party integrations, such as Salesloft and Drift AI, to gain API-level access. The company emphasizes that these breaches stemmed from manipulated employee actions rather than vulnerabilities in Salesforce technology.
Despite platform assurances, Salesforce faces mounting legal challenges. At least 14 lawsuits were filed in Northern California in September 2025, seeking class-action status over alleged negligence and privacy violations. Plaintiffs argue that the company failed to detect malicious applications and secure sensitive customer data.
This incident highlights the growing risks of cloud-based data breaches. Organizations using cloud platforms must prioritize strong authentication methods, monitoring third-party integrations, and employee security training. The case highlights that even trusted platforms can be exploited through social engineering.
Also Read:Lazarus Group Strikes Again, SBI Crypto Hit with $21 Million Hack
