Hackers Claim Nearly 1 Billion Salesforce Records Stolen

A hacking consortium calling itself “Scattered LAPSUS$ Hunters” published a dark‑web extortion site claiming roughly 1 billion customer records stolen from dozens of companies that store data in Salesforce‑hosted cloud environments. The site lists high‑profile victims — including Disney/Hulu, Toyota, FedEx, McDonald’s, Allianz Life, Qantas, TransUnion and Google — posted sample records some researchers say appear authentic, and set payment deadlines. Salesforce says its platform has not been compromised and that incidents appear to stem from social‑engineering attacks (notably vishing) against customer environments; Reuters, the FBI and security vendors have echoed that assessment. Researchers from Google and Mandiant warned attackers abused modified Data Loader tools and employee‑targeting techniques to access customer systems. Several affected firms have confirmed data was taken from Salesforce‑based environments, law enforcement and industry groups are investigating, and it remains unclear whether any victims have paid or whether Salesforce is negotiating with the hackers.