Big Scandal! Hacker Steals 1 Billion Data Salesforce, Who Will Be The Next Victim?

JAKARTA - Cybercriminal groups linked to a series of ransomware attacks against major UK retailers claimed on Friday, October 3, that they had stolen nearly 1 billion records from cloud salesforce tech giants.

The group calling themselves "Scattered LAPSUS$ Hunters" told Reuters the footage contained identifiable personal information. The group also claimed responsibility for hacking Marks & Spencer, Co-op, and Jaguar Land Rover earlier this year.

Until now it has not been verified by the group's claims. Salesforce stated that their system was not hacked. "Currently, there is no indication that the Salesforce platform has been compromised, nor has anything to do with this activity with the vulnerabilities known in our technology," a Salesforce spokesperson said.

One of the hackers, who identified himself as Shiny, said by email that they did not directly hack Salesforce, but targeted Salesforce customers using "vishing" or voice fraud techniques. This technique is a form of social engineering attack in which hackers disguise themselves as employees when contacting IT aid desks by telephone.

Scattered LAPSUS$ Hunters published a leak site on the darkweb on Friday, which lists about 40 other companies they claim to have hacked. It is unclear whether the companies are Salesforce clients. Both hackers and Salesforce refused to reveal whether they were negotiating the ransom.

In June, security researchers from the Google's Threat Intelligence Group stated that the group, which they track as "UNC6040," proved to be very effective at tricking employees into installing modified versions of the Salesforce Data Loader, a tool belonging to Salesforce used to import large amounts of data into the Salesforce environment.

The technical infrastructure associated with this hacking campaign has characteristics that are thought to be linked to a broader and looser ecosystem known as "The Com," which is known for its small groups involved in cybercriminal activity and sometimes violence, according to Google researchers.

In July, British police arrested four people under the age of 21 as part of a police investigation into a cyberattack that disrupted British retailer operations.

The following is a complete list of companies that are said to be victims along with the amount of data claimed to have been stolen:

FedEx 1,1 TB

Aeromexico 172.95 GB

Qantas Airways 153 GB

UPS 91.34 GB

HMH 88 GB

Vietnam Airlines 63.62 GB

Toyota Motor Corporation 64 GB

Stellantis 59 GB

Air France & KLM 51 GB

Republic Services 42 GB

Adidas 37 GB

Disney / Hulu 36 GB

Canvas by Instructure 35 GB

Instacart 32 GB

McDonald's 28 GB

Triplea 23 GB

TransUnion 22 GB

Home Depot 19.43 GB

Google AdSense 19 GB

1-800Accountant 18 GB

Cisco 5.6 GB

Marriott 7 GB

Walgreens 11 GB

Dry (Gucci, Balenciaga, etc.) 10 GB

Petco 9.9 GB

ASICS 9 GB

Pandora 8.3 GB

KFC 1.3 GB

Saks Fifth Avenue 1.1 GB

GAP Inc. 1 GB

CarMax 1.7 GB

Cartier 1.4 GB

Chanel 2 GB

Albertsons (Jewel Orco, etc.) 2 GB

Ennie Resources (Plymouth) 3 GB

Puma 3.1 GB

HBO Max 3.2 GB

Fujifilm 155 MB

IKEA 13 GB

The group claims the stolen data includes customer information, internal business documents, as well as sales and financial data stored in the Salesforce system owned by each company.