- LapSus $ hunters launch data leakage site to press victims in rescue negotiations
- The attackers exploited the Salesloft Drift application to access the Salesforce client data, not Salesforce in itself
- The victims include Cloudflare, Zscaler, tenable; Salesforce denies the commitment of the platform or active vulnerabilities
Lapsus $ scattered hunters, a team of dispersed infamous piracy groups, Lapsus $ and bright hunters, apparently has created an independent data leak and an extortion page to press their victims to pay their rescue demands.
In early 2025, it was learned that the attackers managed to violate a third -party application, the integration of Drift of Salesloft, and steal and update tokens. Then, they used the tokens to call the API Salesforce of the customers of the application and exfiltrate data, such as customer contact records, cases of cases and the like. Salesforce itself was not violated, but the data housed by customers were trapped anyway.
The list of attacked organizations is quite extensive and includes several heavy batters such as Cloudflare, Palo Alto Networks, Zscaler, Tenable and others.
“Incidents without foundation”
Now, the threat actors urge victims to communicate and negotiate an agreement: “Contact us to recover control over the data government and avoid the public dissemination of their data,” says the announcement. “They are not the next head. All communications demand a strict verification and will be handled with discretion.”
Researchers fromTechcrunchThat they claim to have seen the page at the end of last week, they say that the list loses some names that are known to have been violated, and speculates that some of the companies may have already paid the rescue demand.
The computer pirates, however, did not deny, confirm, these speculations, saying the publication, “there are many other companies that have not been listed.”
Salesforce, on the other hand, seems not false because of the new development, with a spokesman who says: “Our findings indicate that these attempts are related to past or foundation incidents, and we continue to commit to the affected customers to provide support.”
“At this time, there are no indications that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.”
Keep PakGazette on Google News and Add us as a preferred source To get our news, reviews and opinion of experts in their feeds. Be sure to click on the Force button!
And of course you can also Keep PakGazette in Tiktok For news, reviews, video deciphes and get regular updates from us in WhatsApp also.
You may also like
