Salesforce Refuses to Pay Ransom After 1 Billion Records Breach

Salesforce has announced its decision to refuse an extortion demand issued by a cybercrime syndicate that claims to have compromised around 1 billion records from its customers. The crime group, which refers to itself as Scattered LAPSUS$ Hunters, has been active since May, making unsolicited voice calls to organizations managing data on Salesforce’s platform.

Details of the Extortion Attempt

The group employed English-speaking callers who posed as representatives needing access to Salesforce portals. Remarkably, many individuals complied with these requests, unwittingly connecting to an attacker-controlled application. This alarming trend highlights ongoing vulnerabilities in data security.

Group Identification

Mandiant, a cybersecurity firm, has classified the threat group as UNC6040. It associates the group with a combination of notable data-extortion actors, namely Scattered Spider, LAPSUS$, and ShinyHunters. Despite detailed analysis, researchers have yet to establish definite links among these entities.

Stolen Data and Ransom Demand

Earlier this month, the Scattered LAPSUS$ Hunters launched a website listing significant customers affected by the breach, including well-known companies like Toyota and FedEx, alongside 37 others. The group claims to have obtained approximately 989.45 million records from these Salesforce clients. They issued an ultimatum, urging Salesforce to initiate ransom negotiations before leaking the sensitive data.

Ransom Negotiations

  • Ransom Demand: Direct appeals to Salesforce for negotiation.
  • Deadline: Stipulated payment deadline was Friday.
  • Threat: Possibility of data leaks if demands are not met.

In response to these threats, a spokesperson from Salesforce confirmed the company’s refusal to comply with the extortion demand, emphasizing their commitment to security and customer privacy.

This situation underscores the critical need for robust data protection measures and heightened awareness of phishing tactics among organizations leveraging cloud-based services.