Hackers Launch Leak Portal to Publish Data Stolen from Salesforce Instances
gbhackers
The hacker collective styling itself “Scattered Lapsus$ Hunters”—an alliance echoing elements of ShinyHunters, Scattered Spider, and Lapsus$—has launched an extortionware portal to pressure victims into paying for delisting and purported deletion of stolen data.
The group’s leverage centers on Salesforce datasets, reflecting months of intrusions achieved via social engineering, OAuth abuse, and downstream supply chain compromise.
UpGuard and other analysts have tracked the campaign’s evolution from voice-phishing that weaponized Salesforce integrations to a sweeping data-theft operation tied to Salesloft’s Drift ecosystem and OAuth tokens that unlocked broad API access across targets.
Google’s threat intelligence team has separately documented the attackers’ use of persuasive phone pretexts and fraudulent integrations to gain privileged access to Salesforce instances.
Timeline of events
Late 2024: Attackers conduct phone-based social engineering (“vishing”) to persuade users or admins to add malicious integrations to Salesforce, granting API-level access and ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE