NurPhoto / Contributor / Getty Images
Follow ZDNET: Add us as a preferred source on Google.
ZDNET's key takeaways
Hackers claim theft of 1 billion records from Salesforce databases.
Major firms like Google, Qantas, and TransUnion confirm breaches.
FBI says attackers used vishing, not Salesforce vulnerabilities.
A hacking group is claiming it stole roughly 1 billion records from dozens of companies that store their customer data in cloud databases hosted on Salesforce. The hackers reportedly created a site on the dark web, which security researchers and TechCrunch have seen. It lists the victim companies and threatens to release stolen data if it doesn't get paid.
Who is behind this attack?
The campaign is tied to a new cybercrime alliance called Scattered Lapsus$ Hunters, which brings together members of Scattered Spider, Lapsus$, and ShinyHunters -- three of the most notorious English-speaking hacking groups active today.
The group allegedly broke into cloud databases used by numerous companies on the Salesforce platform and stole massive amounts of customer data. According to TechCrunch, they claim to be holding about 1 billion records in total. On their site, they posted a warning telling companies to "contact us to regain control... and prevent public disclosure of your data."
... continue reading