- ShinyHunters claims the theft of 1.5 billion records from 760 global companies
- The attackers used secrets found on GitHub to access tables of sensitive Salesforce objects
- The FBI has issued warnings, while the hackers announced that they were “going dark”
ShinyHunters has finally revealed how much data it stole in the Salesloft / Salesforce attack, saying that it took 1.5 billion records from 760 companies around the world.
In March 2025, threat actors from three groups (ShinyHunters, Lapsus$ and Scattered Spider) joined forces and breached Salesloft's GitHub repository, which contained the company's source code. Using the TruffleHog secret-scanning tool, they scanned the code for secrets and found OAuth tokens for the Salesloft Drift and Drift messaging platforms.
From there, they were able to access different Salesforce object tables belonging to various companies. These tables, labeled “Account”, “Contact”, “Case”, “Opportunity” and “User”, contained all kinds of sensitive records that the attackers managed to exfiltrate.
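The repository secret scan described above is one defenders can run against their own code first. The following is an added example, not code from the article or from any tool it names: a small scanner that flags quoted values assigned to credential-like names when they are long and high-entropy. The keyword list, placeholder list, entropy threshold, file path and sample contents are all assumptions constructed for illustration.

```python
import math
import re

# Assumed heuristics (not from the article): credential-like names,
# quoted values of 16+ characters, and known placeholder patterns.
KEY_HINT = re.compile(r"(?i)(token|secret|api[_-]?key|password|passwd)")
ASSIGNMENT = re.compile(
    r"""(?P<name>[A-Za-z_][\w.-]*)\s*[:=]\s*["'](?P<value>[^"'\s]{16,})["']""")
PLACEHOLDER = re.compile(r"(?i)(example|changeme|placeholder|your[_-]|xxxx|<.*>|\$\{.*\})")
MIN_ENTROPY = 3.5  # bits per character; tune per code base


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's character distribution."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_text(path: str, text: str) -> list[dict]:
    """Return findings for quoted values assigned to credential-like names."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ASSIGNMENT.finditer(line):
            name, value = m.group("name"), m.group("value")
            # Skip non-credential names and obvious documentation placeholders.
            if not KEY_HINT.search(name) or PLACEHOLDER.search(value):
                continue
            entropy = shannon_entropy(value)
            if entropy >= MIN_ENTROPY:
                # Redacted preview so the report itself leaks nothing.
                findings.append({"path": path, "line": lineno, "name": name,
                                 "preview": value[:4] + "...",
                                 "entropy": round(entropy, 2)})
    return findings


# Constructed sample file contents; every value below is made up.
SAMPLE = '''\
DRIFT_OAUTH_TOKEN = "q7Zp2LxV9mT4kR8sWc1YdH6bNf3JgA0e"
api_key = "your_api_key_goes_here"
client_secret: "aaaaaaaaaaaaaaaaaaaaaaaa"
description = "integration settings for the chat widget"
'''

if __name__ == "__main__":
    for finding in scan_text("config/settings.py", SAMPLE):
        print(finding)
```

Only the first sample line is reported: the second is a placeholder, the third has zero entropy, and the fourth is not a credential-like name. Any real finding should be treated as exposed and the credential rotated, since the value remains in Git history after the line is deleted.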
Awaiting confirmation
The majority (579 million) come from the Contact table. Case was the second-largest compromised table with 459 million records, followed by Account (250 million), Contact (171 million), Opportunity (171 million) and User (60 million).
To prove their claims, ShinyHunters shared a text file listing the source code files. So far, Salesforce has not commented on these claims.
We have contacted Salesforce and will update the article if we hear back, and a source has told BleepingComputer that the numbers are correct.
It remains to be seen whether the criminals have bitten off more than they can chew.
After the incident, the FBI issued a security notice, warning companies about UNC6040 and UNC6395 (as it tracks the groups) and sharing known indicators of compromise (IOCs).
At the same time, the groups announced that they were going “dark”, which some cybersecurity companies interpreted as a sign that they are afraid of the growing attention they have attracted.
If these claims are true, this would also put the incident on the same level as the 2023 MOVEit managed file transfer incident, which affected thousands of organizations and millions of users worldwide.
Via BleepingComputer