Bleeping Computer reports:
The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.
For the past year, the threat actors have been targeting Salesforce customers in data theft attacks using social engineering and malicious OAuth applications to breach Salesforce instances and download data. The stolen data is then used to extort companies into paying a ransom to prevent the data from being publicly leaked.
These attacks have been claimed by threat actors stating they are part of the ShinyHunters, Scattered Spider, and Lapsus$ extortion groups, now calling themselves “Scattered Lapsus$ Hunters.” Google tracks this activity as UNC6040 and UNC6395.
760 companies? Less than 100 have disclosed their breaches.
Read more at Bleeping Computer.
