Salesforce Infrastructure Suspected in Theft of Nearly 1 Billion Records
Fears of supply chain hacks targeting large firms have increased as a shadowy cybercriminal gang known as Scattered LAPSUS$ Hunters claims to have stolen almost one billion customer details from the global cloud giant Salesforce.
The hackers claim they obtained access by taking advantage of retail businesses that use Salesforce’s software, such as Marks & Spencer, Co-op, and Jaguar Land Rover, all of which were the targets of ransomware attacks earlier this year. Salesforce adamantly denies any breach of its own systems.
Salesforce Denies Breach, Points to Customer Targeting
Salesforce emphasized that its own infrastructure is still secure in a statement to Reuters.
A representative for the business stated, “At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.”
Rather, the attackers seem to have persuaded staff members to allow access to Salesforce-related tools and environments by using “vishing” techniques, which involve making voice phishing calls to IT help desks. According to reports, the hackers used an altered version of Salesforce’s proprietary Data Loader tool to siphon out large amounts of data once it was installed on infected servers.

A Dark Web Leak and a Web of Victims
Scattered LAPSUS$ Hunters opened a dark web leak site on Friday, claiming to have compromised about 40 firms. Neither Salesforce nor the hackers disclosed whether talks were in progress, and the group made no public demands for ransom.
The leak raises the question of whether the stolen data contains the personally identifiable information (PII) of millions of consumers. Security professionals caution that data of this kind can support widespread phishing attacks, fraud, and identity theft.
Links to “The Com” and Previous Arrests
Google’s Threat Intelligence Group (GTIG) tracks the collective under the name “UNC6040” and highlights its capacity to deceive staff members into compromising their own work environments. The infrastructure of the gang, according to investigators, is similar to networks connected to “The Com,” a loosely organized international cybercriminal ecosystem that is notorious for fraud and, occasionally, violent acts.
The disclosures come after four people under the age of 21 were arrested in Britain in July 2025 in relation to ransomware attacks on UK retailers. Despite those arrests, authorities believe the group is still operational, highlighting the fragmented structure of contemporary cybercrime gangs.
A Larger Pattern of Retail Sector Threats
According to cybersecurity experts, the allegations against Salesforce point to a larger weakness: the dependence of global corporations on external cloud services. Attackers can get around sophisticated platform-level security measures by focusing on users rather than providers.
Retailers continue to be particularly appealing targets because they have vast volumes of customer and payment data. Experts caution that phishing and data exfiltration tactics will continue to spread in the absence of robust authentication, personnel training, and incident response.
The purported theft of one billion Salesforce records is one of the most audacious claims made by Scattered LAPSUS$ Hunters to date. Even though Salesforce maintains that its systems are secure, the case highlights the ongoing dangers of social engineering and third-party attacks at a time when cloud platforms support international trade.
About the Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.