ShinyHunters hackers are ransoming 1 billion Salesforce records

Does your business use Salesforce? A group of hackers may very well have stolen your data. Or, at the very least, they want you to think.

Friday, cybersecurity researchers discovered a website on the Dark web which is trying to extort the victims of a majority of database. According to Techcrunch, which has reported history for the first time, pirates say that around a billion customer files have been stolen in recent weeks with companies that use Salesforce.

Data include records of each company’s own customers, which are stored in Cloud databases managed by Salesforce, a company known for its cloud -based sales software.

The pirate website lists many companies which, according to them, have been victims of this violation, notably Fedex, Toyota and Disney Hulu. Certain companies, such as Google and the company of credit report transunion, have confirmed that their data had been recently stolen in a violation of Salesforce; However, they do not appear on the Ransom website, for unknown reasons.

Pirates behind the website have already been carried by names such as Spander Spider, Shinyhuters and Lapsus $. The dark website that has published the leak is called the dispersed lapsus hunters.

Mashable previously reported this pirate collective. The group has assumed the responsibility of many high -level hacks in recent years, in particular Ticketmaster Breach and the AT&T data leakage. Group targets go main airlines to manufacturers of video games behind Grand Theft Auto.

“Contact us to regain control of data governance and prevent public disclosure of your data,” said the Pirates Dark website by technology. “Don’t be the next title. All communications require strict verification and will be managed with discretion. ”

The pirate group seems to try to extort Salesforce directly. The group threatens to publish data from company customers if Salesforce does not pay a ransom.

In response, Salesforce released a security notice On his website entitled “continuous response to threats of social engineering”:

We are aware of the recent attempts at extortion by threat actors, which we have investigated in partnership with experts and external authorities. Our results indicate that these attempts are linked to past or not founded incidents, and we remain engaged with affected customers to provide support. For the moment, there is no indication that the Salesforce platform has been compromised, and this activity is not linked to a vulnerability known in our technology.

We understand how these situations can be concerned. Protection of customer environments and data remains our absolute priority, and our security teams are fully committed to providing advice and support. While we continue to monitor the situation, we encourage customers to remain vigilant against attempted phishing and social engineering, which remain common tactics for threat actors.