Qantas customer data leaked by hackers after ransomware attack

• Hackers reportedly leaked data of 5 million Qantas customers after failed extortion attempt
• Attackers exploited Salesloft-Salesforce integrations to access and steal customer data
• 44 companies were affected, including Disney, Toyota, McDonald’s, and Vietnam Airlines

Australia’s biggest airline, Qantas, is one of 44 companies whose sensitive customer data ended up on the dark web. Now, numerous cybercriminals have easy access to contact and flight information on millions of people, which they can use for phishing, identity theft, fraud, and other attacks.

Last summer, a group of hackers going by the name Scattered Lapsus$ Hunters broke into Salesforce accounts belonging to hundreds of organizations in different industries - although Salesforce itself was not breached.

The attackers compromised Salesloft accounts that were integrated with Salesforce and exploited the linked API tokens and OAuth connections to pivot into Salesforce environments and exfiltrate customer data.