Close Menu
TechurzTechurz
    What's Hot

    Station F ramps up as a launchpad for Europe’s hottest AI startups

    July 6, 2026

    Smart glasses maker Even Realities hits $1B valuation with $150M funding led by Meituan, Tencent

    July 6, 2026

    Uber’s European expansion plans may have hit a speed bump

    July 5, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Station F ramps up as a launchpad for Europe’s hottest AI startups
    • Smart glasses maker Even Realities hits $1B valuation with $150M funding led by Meituan, Tencent
    • Uber’s European expansion plans may have hit a speed bump
    • IQM, Europe’s first public quantum company, admits the future of the tech is uncertain
    • Indian tech tycoon bets $30M of his own money to build AI alternative to Microsoft Office
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Cyber Reality - Hackers stole 1 billion records from Salesforce customer databases with this simple trick – don’t fall for it
    Cyber Reality

    Hackers stole 1 billion records from Salesforce customer databases with this simple trick – don’t fall for it

    TechurzBy TechurzOctober 3, 2025Updated:May 10, 2026No Comments5 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Hackers stole 1 billion records from Salesforce customer databases with this simple trick - don't fall for it
    Share
    Facebook Twitter LinkedIn Pinterest Email


    NurPhoto / Contributor / Getty Images

    Follow ZDNET: Add us as a preferred source on Google.

    Table of contents
    1 ZDNET’s key takeaways
    2 Who is behind this attack?
    3 Which companies were hit?
    4 How does this impact you?
    5 How did the hackers break in?
    6 Is Salesforce’s platform compromised?
    7 Have we seen this kind of extortion before?

    ZDNET’s key takeaways

    • Hackers claim theft of 1 billion records from Salesforce databases.
    • Major firms like Google, Qantas, and TransUnion confirm breaches.
    • FBI says attackers used vishing, not Salesforce vulnerabilities.

    A hacking group is claiming it stole roughly 1 billion records from dozens of companies that store their customer data in cloud databases hosted on Salesforce. The hackers reportedly created a site on the dark web, which security researchers and TechCrunch have seen. It lists the victim companies and threatens to release stolen data if it doesn’t get paid.

    Who is behind this attack?

    The campaign is tied to a new cybercrime alliance called Scattered Lapsus$ Hunters, which brings together members of Scattered Spider, Lapsus$, and ShinyHunters — three of the most notorious English-speaking hacking groups active today.

    The group allegedly broke into cloud databases used by numerous companies on the Salesforce platform and stole massive amounts of customer data. According to TechCrunch, they claim to be holding about 1 billion records in total. On their site, they posted a warning telling companies to “contact us to regain control… and prevent public disclosure of your data.”

    Also: Data-stealing cyberattacks are surging – 7 ways to protect yourself and your business

    Resecurity reported that Scattered Lapsus$ Hunters also operated a Telegram channel, now banned, where members coordinated threats, teased leaks, and promoted new Ransomware-as-a-Service tools. Scattered Spider reportedly provided initial access to targets, ShinyHunters managed data theft and dumps, and LAPSUS$ members also participated, with all three groups working together on high-profile campaigns such as the Salesforce database breaches.

    Which companies were hit?

    Several companies recently confirmed that hackers stole customer data from their Salesforce-based databases.

    Below is a list of confirmed incidents so far.

    • Insurance giant Allianz Life confirmed a breach affecting most of its 1.4 million US customers.
    • Google’s Threat Intelligence group acknowledged a Salesforce-based data leak.
    • Luxury goods conglomerate Kering confirmed a similar breach.
    • Qantas disclosed that about 5.7 million customer records were impacted.
    • Carmaker Stellantis admitted to a “third-party data incident.”
    • Credit bureau TransUnion revealed that 4.4 million US consumers’ data were exposed.
    • Workday acknowledged that its customers’ data was stolen.

    TechCrunch said the hackers’ leak site names other big brands like FedEx, Hulu, and Toyota, but they have yet to publicly comment.

    How does this impact you?

    If you’re a customer of any of the companies involved, your personal data may have been exposed in a breach. That data could include names, email addresses, phone numbers, and in some cases, Social Security numbers.

    Also: Battered by cyberattacks, Salesforce faces a trust problem – and a potential class action lawsuit

    Allianz Life said its breach, which affected 1.4 million people, included sensitive details such as Social Security numbers. The company is offering two years of free identity theft and credit monitoring services to those affected. Credit bureau TransUnion also reported that personal data belonging to 4.4 million customers — including names and Social Security numbers — was exposed. 

    It’s worth reviewing each company’s notice to see what types of data were stolen and how to check if you were affected. 

    How did the hackers break in?

    On September 12, the FBI issued a FLASH alert about the threat actors who had gained initial access to organizations’ Salesforce accounts. It said they used social engineering tactics like voice phishing (or vishing). Google’s security researchers explained how a hacker impersonated IT support personnel over the phone to gain access to a Salesforce database, for instance. 

    Also: What is vishing? Voice phishing is surging – expert tips on how to spot it and stop it

    Once the attackers had valid login credentials, they could use Salesforce’s own data export tools to pull large amounts of information. In other words, the attackers exploited human error, not any vulnerability in Salesforce itself.

    Is Salesforce’s platform compromised?

    Salesforce said no, its platform wasn’t compromised by these attacks.

    While the hackers did mention Salesforce by name on their leak site — basically demanding that Salesforce negotiate or else all “your customers’ data will be leaked,” as TechCrunch reported — Salesforce maintains that its infrastructure wasn’t directly breached.

    Also: Cybercriminals are stealing business Salesforce data with this simple trick – don’t fall for it

    In a public statement, Salesforce confirmed it is “aware of recent extortion attempts,” but so far, there is no indication that the Salesforce platform has been compromised, nor is this activity “related to any known vulnerability in our technology.”

    All evidence points to the attackers abusing stolen credentials and impersonating users via vishing to get into the databases, rather than hacking Salesforce’s systems. Salesforce said it has been working with the affected companies to provide support.

    Have we seen this kind of extortion before?

    Unfortunately, yes — this playbook is all too familiar. CrowdStrike’s 11th annual 2025 Global Threat Report, for example, found that vishing attacks rose 442% in the second half of 2024 compared with the first. Over the course of the year, the company tracked at least six separate campaigns where attackers posed as IT staffers and called employees at various organizations.

    Also: Someone used AI to impersonate a secretary of state – how to make sure you’re not next

    CrowdStrike said companies can strengthen their defenses against vishing by requiring stricter verification for password resets, such as video authentication and government ID, and by training help desk staff to spot suspicious requests, especially those outside normal hours. It also advised using advanced authentication methods like FIDO2 and keeping systems updated with patches.

    Get the morning’s top stories in your inbox each day with our Tech Today newsletter.

    billion customer databases dont fall Hackers Records Salesforce simple stole Trick
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleAI slop, government stops, and startup uncertainty
    Next Article A new search engine raises $1.1M to let obsessive fans dive down internet rabbit holes
    Techurz
    • Website

    Related Posts

    Opinion

    Slate Auto’s radically simple electric truck starts at $24,950

    June 24, 2026
    Opinion

    The US banned Anthropic’s Fable 5 release, but the numbers don’t seem to care

    June 19, 2026
    Opinion

    The pitch trick that helped an eSports startup raise $20M when VCs only wanted AI

    May 25, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    12 Father’s Day E-Card Sites That Are Actually Good

    June 4, 202523

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.