Salesforce refuses to pay ransom after 1B records stolen
What's the story
Salesforce has refused to pay a ransom demanded by a cybercrime syndicate that claims to have stolen around one billion records from several of its customers. The group, which started its campaign in May, used voice calls and social engineering tactics to trick organizations into connecting an attacker-controlled app with their Salesforce portal.
Firm stance
Hackers claim to have stolen data from 39 organizations
The threat group, which calls itself Scattered LAPSUS$ Hunters, has claimed to have stolen data from 39 Salesforce customers including Toyota and FedEx. They even launched a website demanding a ransom from Salesforce in exchange for not leaking the stolen data. However, a company spokesperson confirmed that Salesforce will not engage with or pay any extortion demand.
Customer communication
Salesforce warns customers about potential data leak
Salesforce has also warned its customers about the hacking group's plan to publish stolen data. The company has been in touch with affected customers and promised support. The breach didn't directly affect Salesforce's main platform but targeted a third-party app, Drift, which connects with Salesforce for customer service automation tasks.
App breach
Stolen records were put up for sale last week
The stolen records were allegedly combined into one large dataset and put up for sale on a cybercrime forum last week. The breach exposed customer contact information, basic IT support data, user authorization access tokens, and details about customers' IT system configurations in some cases.