- Hackers have allegedly leaked the data of 5 million Qantas customers after a failed extortion attempt.
- Attackers leveraged Salesloft-Salesforce integrations to access and steal customer data.
- 44 companies were affected, including Disney, Toyota, McDonald’s and Vietnam Airlines.
Australia’s largest airline, Qantas, is one of 44 companies whose sensitive customer data ended up on the dark web. Now, many cybercriminals have easy access to the contact details and theft information of millions of people, which they can use for phishing, identity theft, fraud and other attacks.
Last summer, a group of hackers called Scattered Lapsus$ Hunters broke into Salesforce accounts belonging to hundreds of organizations across different industries – although Salesforce itself was not hacked.
Attackers compromised Salesloft accounts integrated with Salesforce and leveraged linked API tokens and OAuth connections to pivot into Salesforce environments and exfiltrate customer data.
“Don’t be the next headline”
The group attempted to extort money from Qantas, offering to delete the stolen files in return. The airline, however, refused to even discuss the matter with the attackers, telling Guardian Australia it would “not engage, negotiate with or pay any extortion demands”.
In response, Scattered Lapsus$ Hunters posted the stolen files on the dark web. The archive includes the personal records of 5 million Qantas customers, including people’s names, email addresses, phone numbers, dates of birth and frequent flyer numbers. Credit card details, financial information and passport details were not stolen, it was said.
“Don’t make the headlines, I should have paid the ransom,” the group posted on its data leak site.
But apparently Qantas isn’t the only company whose data was leaked in this wave. Citing analysts at cybersecurity firm Intel 471, the Guardian reported that 44 companies were involved in the leak, including Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea and Adidas.
Scattered Lapsus$ Hunters is a group made up of members of Scattered Spider, Lapsus$ and ShinyHunters. Shortly after the Salesloft/Salesforce breach, they announced “going black”, which the cybersecurity community interpreted as a fear of too much publicity. Obviously, this didn’t last long.
Via The Guardian
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
