Domains used by notorious hacking group ShinyHunters for Salesforce hacks disrupted in FBI takedown

The domains used by Scattered Lapsus$ Hunters to host data leak websites were reportedly seized by law enforcement just as the group was about to leak files stolen in the Salesloft/Salesforce breach.

#salesforce #Salesloft #ShinyHunters #FBI #security #cybersecurity #hackers #hacking #hacked

https://www.techradar.com/pro/security/domains-used-by-notorious-hacking-group-shinyhunters-disrupted-in-fbi-takedown

Two domains were seized, but one returned quickly

TechRadar
ShinyHunters Wage Broad Corporate Extortion Spree - A cybercriminal group that used voice phishing attacks to siphon more than a billion reco... https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/ #scatteredlapsus$hunters #oraclee-businesssuite #crimsoncollective #neer-do-wellnews #alittlesunshine #charlescarmakal #latestwarnings #thecomingstorm #cve-2025-61882 #austinlarsen #shinyhunters #ransomware #salesforce #salesloft #asyncrat #unc6040 #unc6395
ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security

PowerSchool hit by Salesloft Drift campaign, but hackers claim that there is no risk of harm or ransom – DataBreaches.Net

As noted on Reddit, PowerSchool appears to have been one of many victims of the Salesloft Drift/Salesforce campaign by Scattered LAPSUS$ Hunters. Like many oth

DataBreaches.Net

FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data

groups have recently been observed targeting organizations' Salesforce platforms via different initial access mechanisms.

These data theft attacks were widespread, impacting large and well-known companies, such as Google, Adidas, Qantas, Allianz Life, Cisco, Kering, Louis Vuitton, Dior, and Tiffany & Co.

#Salesforce #Salesloft #FBI #security #cybersecurity #hackers #hacking #hacked

https://www.bleepingcomputer.com/news/security/fbi-warns-of-unc6040-unc6395-hackers-stealing-salesforce-data/

The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations' Salesforce environments to steal data and extort victims.

BleepingComputer

"The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.

[...]

In March, one of the threat actors breached Salesloft's GitHub repository, which contained the private source code for the company.

ShinyHunters told BleepingComputer that the threat actors used the TruffleHog security tool to scan the source code for secrets, which resulted in the finding of OAuth tokens for the Salesloft Drift and the Drift Email platforms."

Read more of Lawrence Abrams' great reporting on Bleeping Computer:
https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/

#Salesforce #Salesloft #Oauth #Drift #databreach #ransom #ShinyHunters #ScatteredSpider #LAPSUS$ #UNC6040 #UNC6395

ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks

The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.

BleepingComputer

Tenable Confirms Data Breach – Hackers Accessed Customers’ Contact Details

Tenable has confirmed a data breach that exposed the contact details and support case information of some of its customers.

The company stated the incident is part of a broader data theft campaign targeting an integration between Salesforce and Salesloft Drift.

#Salesforce #Salesloft #tenable #databreach #security #cybersecurity #hackers #hacking #hacked

https://cybersecuritynews.com/tenable-confirms-data-breach/

Cyber Security News

Salesloft confirms breach via GitHub → attackers stole Drift OAuth tokens & compromised Salesforce integrations.

Victims include Cloudflare, Zscaler, Palo Alto, Tenable, Rubrik, Proofpoint, Elastic & more (700+ orgs).
Experts: Non-human identities like API tokens are the next security blind spot.

💬 How is your org tackling API token risks? Follow @technadu for updates.

#Salesloft #GitHubBreach #CyberAttack #DataExposure #ThreatActor #CyberSecurity #SupplyChainRisk