Hacking group claims theft of 1 billion records from Salesforce customer databases | TechCrunch

The hacking group Lapsus$/Scattered Spider/ShinyHunters launched a dark web leak site to extort victims, claiming nearly one billion records stolen from Salesforce-hosted databases. The site lists confirmed breaches at Allianz Life, Google, Kering, Qantas, TransUnion, and Workday, plus unconfirmed targets like FedEx, Hulu, and Toyota, while threatening Salesforce directly to negotiate ransom or face data publication. Salesforce maintains there’s “no indication that the Salesforce platform has been compromised,” describing the attempts as relating to “past or unsubstantiated incidents.” This marks a significant shift for the predominantly English-speaking group, which historically avoided public presence, now adopting tactics typically associated with Russian-speaking ransomware gangs who threaten to publish stolen data rather than encrypting it.​​​​​​​​​​​​​​​​