Ransomware Group Debuts Salesforce Customer Data Leak Site

Scattered Lapsus$ Hunters Claims 1 Billion Stolen Records, Pressures Victims to Pay Mathew J. Schwartz (euroinfosec) • October 3, 2025

A notorious ransomware group launched Friday a data-leak site designed to pressure victims of a large Salesforce data breach into paying extortion money.

See Also: Preparing for the Next Attack

The Scattered Lapsus$ Hunters operation's new darkweb data-leak site lists 39 victims, all of which integrated their Salesforce customer relationship management software with the Salesloft Drift artificial intelligence chatbot. Named victims include Cisco, Disney, KFC, Ikea, Marriott, McDonald's, Walgreens, as well as grocery giant Albertsons and retailer Saks Fifth Avenue.

The group - ShinyHunters for short - claimed last month to have stolen 1.5 billion Salesforce records from 760 Salesloft Drift-using companies. Companies listed on the leak site account for the bulk of those records, according to ShinyHunters. On a dedicated Telegram channel, the group on Friday ...