A hacking group has claimed responsibility for stealing nearly one billion records linked to Salesforce customers, raising alarm across the UK retail sector.
The cybercriminals, who call themselves “Scattered LAPSUS$ Hunters,” told Reuters on Friday that they obtained data containing personally identifiable information by targeting companies that use Salesforce software. The group also claimed it was behind earlier cyberattacks on Marks & Spencer, the Co-op, and Jaguar Land Rover.
Salesforce, however, has pushed back on the claims. The cloud software giant said its own systems were not breached. “At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology,” a company spokesperson said.
One of the hackers, using the alias Shiny, told Reuters the group did not hack Salesforce directly. Instead, they used “vishing” — or voice phishing — tricking company help desks into giving them access by pretending to be employees.
On Friday, the group published a leak site on the dark web, naming around 40 more companies it said it had hacked. It remains unclear if those firms are Salesforce clients. Neither Salesforce nor the hackers confirmed whether ransom negotiations are taking place.
Security researchers have been tracking the group closely. Google’s Threat Intelligence team, which refers to them as “UNC6040,” noted in June that the hackers have been particularly successful in deceiving employees into installing a tampered version of Salesforce’s Data Loader tool, used for bulk data transfers.
Investigators say the hackers may have links to “The Com,” a loose online network of cybercriminal groups known for both digital fraud and, in some cases, violent activity.
The growing number of attacks has prompted law enforcement action. In July, British police arrested four people under 21 in connection with cyberattacks that disrupted major UK retailers.
The claims against Salesforce highlight the rising risks of social engineering attacks, where the weakest link isn’t always the technology, but the human element behind it.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
