Salesforce Data Breach: Hackers Claim Theft of 1 Billion Customer Records

A notorious hacking group has launched a dark web extortion site claiming to have stolen nearly 1 billion records from Salesforce customer databases, targeting dozens of major companies that use the cloud platform for customer management. The group, known as “Scattered LAPSUS$ Hunters” and linked to ShinyHunters, Scattered Spider, and LAPSUS$, demands ransom payments to prevent the release of sensitive data, including personally identifiable information (PII) from entities like Google, Toyota, FedEx, Disney, and Home Depot. For cybersecurity professionals, enterprise IT leaders, and data privacy advocates searching Salesforce hack 1 billion records, ShinyHunters Salesforce breach, or Salesforce data extortion 2025, this campaign—first reported by TechCrunch on October 3, 2025—exploits compromised third-party integrations like Salesloft and Drift via vishing (voice phishing) to access API-level data, bypassing Salesforce’s core systems. Salesforce maintains that its platform was not directly hacked, attributing incidents to past or unsubstantiated events, and is supporting affected customers. With at least 14 lawsuits filed in September 2025 alleging negligence, the breach could cost victims millions in remediation and regulatory fines.

https://voice.lapaas.com/salesforce-hack-1-billion-records-2025/