A new cybercrime alliance called “Scattered LAPSUS$ Hunters” claims to have breached Salesforce, threatening to leak nearly one billion records. The attack involved sophisticated social engineering tactics, mainly voice phishing, to gain unauthorized access to high-profile clients like Toyota, FedEx, and Disney. #LAPSUS$ #ScatteredSpider #SalesforceBreach
Keypoints
- The “Scattered LAPSUS$ Hunters” alliance has launched a website to threaten Salesforce with a massive data leak.
- The breach was achieved through social engineering, specifically voice phishing, not exploiting Salesforce’s core vulnerability.
- Attackers manipulated employees into authorizing malicious apps, granting access tokens and bypassing multi-factor authentication.
- Numerous high-profile organizations, including Toyota, FedEx, Disney, and Home Depot, are listed as affected victims.
- The compromised data includes sensitive PII, strategic business records, and extensive client information from Salesforce infrastructure.