I’ll say the elephant in the room - due to the sheer amount of Salesforce customers who have been hit, and that Salesforce is a fully SaaS service - Salesforce should have detected and been more proactive about all of their customers’ data being stolen. https://databreaches.net/2025/09/11/exclusive-high-end-fashion-retailers-gucci-balenciaga-brion-and-alexander-mcqueen-hit-by-salesforce-attacks/
Exclusive: High-end fashion retailers Gucci, Balenciaga, Brion, and Alexander McQueen hit by Salesforce attacks – DataBreaches.Net

Those readers who aren't A-listers (including yours truly) may never have heard of Kering , but you may have heard of their high-end fashion brands: Gucci. Yves


Snowflake did a really good job with their post incident review of the Snowflake Heist, where their SaaS service got pillaged.

Out of it they tightened MFA enforcement, made OAuth changes, added proactive monitoring, etc.

Salesforce and Salesloft need to do the same. They also need better threat intel as the LAPSUS kids were quite openly talking about what they were doing.

The Snowflake heist thread, for reference: https://cyberplace.social/@GossiTheDog/112536407633131499
Kevin Beaumont (@[email protected])

Very big cyber incident playing out at Snowflake, who describe themselves as “AI Data Cloud”. They have a free trial where anybody can sign up and upload data… and they have. Threat actors have been scraping customer data using a tool called rapeflake, for about a month.

Also, delete all your data from SaaS platforms before you leave. https://infosec.exchange/@badsamurai/115188274209312838
B'ad Samurai 🐐 (@[email protected])

@[email protected] as it turns out, organizations who *used to* use Drift and cancelled their contracts, found their instances were never fully decom'd, but instead migrated to a free plan and the data plumbing was all still intact. So that's neat.


@GossiTheDog A tort of privacy must exist. And, I'd suggest that proactive monitoring and prompt notification - given that it reduces the consequences to the affected - should be legislated as to be taken into account with damages (which would encourage proper behaviour).

And then it should be followed up with a criminal provision that can pierce the corporate veil, but if my last suggestion is a stretch, that one is on par with dealing 5 aces in a row from a standard 52-card deck.

@lachlan @GossiTheDog I've been suggesting the tort solution for a while. This all happens because the economics of data privacy are essentially the same as that of pollution.

www.securityeconomist.com/digital-pollution-the-hidden-cost-of-insecurity/

@GossiTheDog It's minor compared to hospital ransomware and industrial disruption; but I have to wonder if someone is combing through those fashion brands' sales data right now because that product category is basically ground zero for "I have disposable income that I may be spending on my not-spouse". It'd be a real pain vs. a single large payout from some sleazy IR bagman; but quite low risk and sophistication.

@GossiTheDog Corporations overwhelmingly don’t care about your data and refuse to pay for solid cybersecurity. They are in a race to the bottom.

@GossiTheDog I know someone who got a recent notice from SF saying that unexpected data (from other customers) may have ended up in their SF reports. The notice asked them to delete any data in reports that wasn't theirs. Not sure if related, but pretty odd.

@GossiTheDog

Kevin, can I ask for your support in the vigilant mission to uncover when graphics...people...adopted the schema of 'malicious actor hackers wear hoodies' despite the very pretense of how they do the thing they do not requiring face concealment.

It is killing me to allow this farce to go on unexamined.