Hackers stole nearly 1 billion records from cloud tech giant Salesforce

A group of hackers believed to be involved in a recent series of ransomware attacks on major British retailers said on October 3 that they had stolen nearly 1 billion records from cloud technology giant Salesforce by targeting companies using its software.

A group calling itself Scattered LAPSUS$ Hunters claims to have obtained Salesforce data, which it says contains personally identifiable information. The group also claimed responsibility for attacks on Marks & Spencer, Co-op, and Jaguar Land Rover earlier this year.

Meanwhile, Salesforce said its systems were not hacked. A Salesforce spokesperson said the hacking was not related to any known vulnerabilities in its technology.

One of the hackers, who called himself Shiny, said the group did not directly attack Salesforce, but instead targeted the platform's customers using "vishing" - or voice phishing, a form of phone fraud in which hackers impersonate employees and call IT support.

The hackers listed about 40 other companies that were attacked. It was not immediately clear if those companies were Salesforce customers. Neither the hackers nor Salesforce declined to say whether ransom negotiations were underway.

In June, Google cybersecurity researchers said the group of hackers — which they tracked as “UNC6040,” — was particularly effective at tricking employees by installing a modified version of Salesforce’s Data Loader, a proprietary tool used to import bulk data into Salesforce environments.

In July, British police arrested four people under the age of 21 as part of an investigation into cyber attacks that disrupted the operations of retailers in the UK./.

Source: https://www.vietnamplus.vn/tin-tac-danh-cap-gan-1-ty-ho-so-cua-ga-khong-lo-cong-nghe-dam-may-salesforce-post1068026.vnp