1.5 Billion Salesforce Records at Risk at Scattered Lapsus$ Hunters Dark Web Site

 

A new wave of extortion attacks is targeting Salesforce environments across major companies — and the scale is massive. A group calling itself the Scattered Lapsus$ Hunters, reportedly linked to ShinyHunters, Lapsus$, and Scattered Spider, claims to have stolen 1.5 billion Salesforce records. The stolen data allegedly includes personal info, shipping details, and even chat transcripts from integrations with the Salesloft Drift chatbot. The attackers have already listed 39 major brands — including Disney, Cisco, McDonald’s, IKEA, and FedEx — on a dark web data leak site, demanding ransom not just from victims but from Salesforce itself. If payments aren’t made, they threaten to leak the data publicly after October 10. While Salesforce maintains that its platform wasn’t directly breached, the incident highlights a growing truth: third-party integrations are now one of the biggest attack vectors in modern supply chains. Stay alert. Audit your integrations. Trust, but verify. https://plixer.zoom.us/webinar/register/WN_vdUGj1AwSdyPMcUSyiWS_Q#/registration