Salesforce has stated it will not pay a ransom despite a massive data theft campaign by threat actors linked to the ShinyHunters group, who aimed to extort numerous high-profile companies. The attackers used social engineering and OAuth token exploitation in two campaigns and threatened to leak nearly 1 billion stolen records, though the data leak site is now shut down.
Key points
- Salesforce refused to negotiate or pay ransom amid widespread data theft threats.
- Threat actors created a data leak site targeting 39 companies, including Disney, Google, and IKEA.
- Two campaigns in 2024 and 2025 involved social engineering and OAuth token exploitation.
- Almost 1.5 billion data records were stolen from over 760 companies during the attacks.
- The data leak site used for extortion has been shut down, possibly seized by authorities.