- Scattered Lapsus$ Hunters launch a data leak site to put pressure on victims in ransom negotiations
- The attackers used the Salesloft Drift application to access data from Salesforce customers, not Salesforce itself
- The victims include Cloudflare, Zscaler, Tenable; Salesforce denies any compromise of the platform or active vulnerabilities
Scattered Lapsus$ Hunters, a team-up of the infamous hacking groups Scattered Spider, Lapsus$ and ShinyHunters, has apparently created a standalone data leak and extortion page in order to pressure its victims into paying its ransom demands.
Earlier in 2025, news broke that the attackers had managed to breach a third-party application, the Salesloft Drift integration, and steal OAuth and refresh tokens. They then used the tokens to call the Salesforce APIs of the app's customers and exfiltrate data such as customer contact records, cases and similar objects. Salesforce itself was not breached, but the data customers hosted there was nevertheless accessed.
The list of attacked organizations is quite extensive and includes a number of heavy hitters such as Cloudflare, Palo Alto Networks, Zscaler, Tenable and others.
“Unfounded incidents”
Now, the threat actors are urging the victims to reach out and negotiate an agreement: “Contact us to regain control of data governance and prevent public disclosure of your data,” said the announcement. “Don’t be the next title. All communications require strict verification and will be managed with discretion.”
Researchers from TechCrunch, who claim to have seen the page at the end of last week, say that the list on the site is missing a few names known to have been breached, and speculate that certain companies may have already paid the ransom demand.
The hackers, however, neither denied nor confirmed these speculations, telling the publication: “There are many other companies which have not been listed.”
Salesforce, on the other hand, does not seem to be fazed by the new development, with a spokesperson saying: “Our results indicate that these attempts relate to past or uninformed incidents, and we remain engaged with affected customers to provide support.”
“For the moment, nothing indicates that the Salesforce platform has been compromised, and this activity is not linked to a vulnerability known in our technology.”