Search Results: SalesforceSecurity

The notorious ShinyHunters collective has launched a public extortion portal leaking stolen Salesforce data from companies including Google, FedEx, and Marriott. Threat actors demand ransoms under threat of full data exposure by October 10, while separately pressuring Salesforce to pay for global customer protection. This coordinated campaign exploits voice phishing and OAuth vulnerabilities, impacting billions of records across major corporations.

Google has notified potential Google Ads customers that their business contact information was exposed after threat actors known as ShinyHunters breached a Salesforce CRM instance. The attackers, now rebranded as Sp1d3rHunters, used social engineering and malicious OAuth apps to steal data, signaling persistent risks to cloud-integrated sales pipelines.

Google has revealed it fell victim to a data breach in a wave of targeted Salesforce CRM attacks orchestrated by the notorious ShinyHunters group, exposing business contact information. The incident underscores a broader campaign affecting major firms like Adidas and Cisco, with attackers using vishing to extort hundreds of thousands in ransom payments.

Danish jewelry giant Pandora has confirmed a data breach after threat actors stole customer information from its Salesforce database, part of a relentless wave of social engineering attacks targeting major enterprises. Hackers like ShinyHunters are exploiting weak authentication to extort companies, with victims including Adidas and LVMH subsidiaries. The incident underscores critical vulnerabilities in third-party cloud platforms and the urgent need for enhanced security measures.

French luxury giant Chanel confirms its US customer contact data was stolen, becoming the latest high-profile victim in a relentless wave of attacks targeting Salesforce instances. The ShinyHunters extortion group is exploiting employee vishing attacks to compromise credentials or install malicious OAuth apps, bypassing platform security. This breach underscores a critical vulnerability in cloud service dependencies: the human element.

The notorious ShinyHunters extortion group is systematically breaching major corporations including Qantas, LVMH, and Allianz Life through sophisticated voice phishing attacks targeting Salesforce CRM systems. Security researchers confirm these intrusions exploit social engineering to hijack OAuth connections, with stolen data now being used for private extortion attempts. The campaign reveals complex overlaps with Scattered Spider hackers and highlights critical third-party security blind spots in enterprise cloud environments.