Search Results: ShinyHunters

In a bold stand against cyber extortion, UK fintech giant Checkout.com has refused to pay the ShinyHunters hacking group following a breach in a legacy cloud storage system. Instead of capitulating, the company plans to donate the ransom amount to leading cybersecurity research initiatives. This decision underscores a growing trend in corporate resilience against ransomware, with significant implications for payment processors and their global merchant networks.

The notorious ShinyHunters collective has launched a public extortion portal leaking stolen Salesforce data from companies including Google, FedEx, and Marriott. Threat actors demand ransoms under threat of full data exposure by October 10, while separately pressuring Salesforce to pay for global customer protection. This coordinated campaign exploits voice phishing and OAuth vulnerabilities, impacting billions of records across major corporations.

The ShinyHunters cybercrime group claims to have stolen 1.5 billion records from 760 Salesforce customers using compromised Salesloft Drift OAuth tokens. Major tech firms including Google, Cloudflare, and Palo Alto Networks were impacted, with attackers weaponizing support ticket data for credential harvesting. The breach highlights critical third-party integration risks and ongoing supply chain threats.

Canadian fintech leader Wealthsimple disclosed a data breach impacting nearly 30,000 clients after attackers exploited compromised third-party software. The incident, linked to the ShinyHunters gang's Salesloft supply-chain campaign, highlights escalating risks in vendor ecosystems despite no stolen funds or passwords.

Google has notified potential Google Ads customers that their business contact information was exposed after threat actors known as ShinyHunters breached a Salesforce CRM instance. The attackers, now rebranded as Sp1d3rHunters, used social engineering and malicious OAuth apps to steal data, signaling persistent risks to cloud-integrated sales pipelines.

Google has revealed it fell victim to a data breach in a wave of targeted Salesforce CRM attacks orchestrated by the notorious ShinyHunters group, exposing business contact information. The incident underscores a broader campaign affecting major firms like Adidas and Cisco, with attackers using vishing to extort hundreds of thousands in ransom payments.