Daily Dark Web
  • Home
  • Data Breaches
  • Inside the Adversary
    • Dark Web Informants
  • DDW Top Lists
  • Ransomware News
  • DarkWeb News
    • Vulnerability
    • Cyber Attacks
  • Unauthorized Accesses
  • About Us
No Result
View All Result
  • Home
  • Data Breaches
  • Inside the Adversary
    • Dark Web Informants
  • DDW Top Lists
  • Ransomware News
  • DarkWeb News
    • Vulnerability
    • Cyber Attacks
  • Unauthorized Accesses
  • About Us
No Result
View All Result
Daily Dark Web
No Result
View All Result
Home Data Breaches

Scattered LAPSUS$ Hunters Ransomware Group Claims New Victims on New Website

October 3, 2025
Reading Time: 3 mins read
Scattered LAPSUS$ Hunters Ransomware Group Claims New Victims on New Website

The newly formed cybercrime alliance, “Scattered LAPSUS$ Hunters,” has launched a new website detailing its claims of a massive data breach affecting Salesforce and its extensive customer base. This development is the latest move by the group, a notorious collaboration between members of the established threat actor crews ShinyHunters, Scattered Spider, and LAPSUS$. On their new site, the group is extorting Salesforce directly, threatening to leak nearly one billion records with a ransom deadline of October 10, 2025.

This situation stems from a widespread and coordinated campaign that targeted Salesforce customers throughout mid-2025. According to security researchers, the attacks did not exploit a vulnerability in Salesforce’s core platform. Instead, the threat actors, particularly those from the Scattered Spider group, employed sophisticated social engineering tactics.

The primary method involved voice phishing (vishing), where attackers impersonated corporate IT or help desk staff in phone calls to employees of target companies. These employees were then manipulated into authorizing malicious third-party applications within their company’s Salesforce environment. This action granted the attackers persistent access tokens (OAuth), allowing them to bypass multi-factor authentication and exfiltrate vast amounts of data. The alliance has now consolidated the data from these numerous breaches for this large-scale extortion attempt against Salesforce itself.

The website lists dozens of high-profile Salesforce customers allegedly compromised in the campaign. The list of alleged victims posted by the group includes:

  • Toyota Motor Corporations (🇯🇵): A multinational automotive manufacturer.
  • FedEx (🇺🇸): A global courier delivery services company.
  • Disney/Hulu (🇺🇸): A multinational mass media and entertainment conglomerate.
  • Republic Services (🇺🇸): An American waste disposal company.
  • UPS (🇺🇸): A multinational shipping, receiving, and supply chain management company.
  • Aeroméxico (🇲🇽): The flag carrier airline of Mexico.
  • Home Depot (🇺🇸): The largest home improvement retailer in the United States.
  • Marriott (🇺🇸): A multinational company that operates, franchises, and licenses lodging.
  • Vietnam Airlines (🇻🇳): The flag carrier of Vietnam.
  • Walgreens (🇺🇸): An American company that operates the second-largest pharmacy store chain in the United States.
  • Stellantis (🇳🇱): A multinational automotive manufacturing corporation.
  • McDonald’s (🇺🇸): A multinational fast food chain.
  • KFC (🇺🇸): A fast food restaurant chain that specializes in fried chicken.
  • ASICS (🇯🇵): A Japanese multinational corporation which produces sportswear.
  • GAP, INC. (🇺🇸): A worldwide clothing and accessories retailer.
  • HMH (hmhco.com) (🇺🇸): A publisher of textbooks, instructional technology materials, and assessments.
  • Fujifilm (🇯🇵): A multinational photography and imaging company.
  • Instructure.com – Canvas (🇺🇸): An educational technology company.
  • Albertsons (Jewel Osco, etc) (🇺🇸): An American grocery company.
  • Engie Resources (Plymouth) (🇺🇸): A retail electricity provider.
  • Kering (🇫🇷): A global luxury group that manages brands like Gucci, Balenciaga, and Brioni.
  • HBO Max (🇺🇸): A subscription video on-demand service.
  • Instacart (🇺🇸): A grocery delivery and pick-up service.
  • Petco (🇺🇸): An American pet retailer.
  • Puma (🇩🇪): A German multinational corporation that designs and manufactures athletic footwear and apparel.
  • Cartier (🇫🇷): A French luxury goods conglomerate.
  • Adidas (🇩🇪): A multinational corporation that designs and manufactures shoes, clothing, and accessories.
  • TripleA (aaa.com) (🇺🇸): A federation of motor clubs throughout North America.
  • Qantas Airways (🇦🇺): The flag carrier of Australia.
  • CarMax (🇺🇸): A used vehicle retailer.
  • Saks Fifth (🇺🇸): An American luxury department store chain.
  • 1-800Accountant (🇺🇸): A nationwide accounting firm.
  • Air France & KLM (🇫🇷/🇳🇱): A major European airline partnership.
  • Google Adsense (🇺🇸): A program run by Google through which website publishers serve advertisements.
  • Cisco (🇺🇸): A multinational digital communications technology conglomerate.
  • Pandora.net (🇩🇰): A Danish jewelry manufacturer and retailer.
  • TransUnion (🇺🇸): An American consumer credit reporting agency.
  • Chanel (🇫🇷): A French luxury fashion house.
  • IKEA (🇸🇪): A Swedish-founded multinational group that designs and sells ready-to-assemble furniture.

According to the actor, the breach involves nearly 1 billion records from Salesforce and its clients. The allegedly compromised data includes:

  • Sensitive Personally Identifiable Information (PII)
  • Strategic business records that could impact market position
  • Data from over 100 other demand instances hosted on Salesforce infrastructure
Tags: CyberSecuritydata-breachextortionSalesforceScattered Lapsus$ Huntersscattered-spiderShinyHunterssupply-chain attackvishing
ShareTweet

Related Posts

Uganda Ministry of Agriculture MAAIF Suffers Data Breach
Data Breaches

Uganda Ministry of Agriculture MAAIF Suffers Data Breach

April 27, 2026
Ellipal Cryptocurrency Wallet Suffers Alleged Data Breach
Data Breaches

Ellipal Cryptocurrency Wallet Suffers Alleged Data Breach

April 27, 2026
BlackSexFinder Adult Platform Suffers Massive Data Breach
Data Breaches

BlackSexFinder Adult Platform Suffers Massive Data Breach

April 27, 2026
Jeff Honeycutt Insurance Agency Data Breach Exposes Client Info
Data Breaches

Jeff Honeycutt Insurance Agency Data Breach Exposes Client Info

April 27, 2026
FFWPU and Tongil Group Face Extensive Data Breach
Data Breaches

FFWPU and Tongil Group Face Extensive Data Breach

April 27, 2026
Terra West Management Services Suffers Major Data Breach
Data Breaches

Terra West Management Services Suffers Major Data Breach

April 24, 2026
Next Post
Scattered LAPSUS$ Hunters Claims Red Hat, S&P Global Breaches

Scattered LAPSUS$ Hunters Claims Red Hat, S&P Global Breaches

PT Surveyor Indonesia Data Breach Exposes Client Data

PT Surveyor Indonesia Data Breach Exposes Client Data

Recommended Stories

Kukje Pharm Co., Ltd. Suffers Ransomware Attack by Gunra

Kukje Pharm Co., Ltd. Suffers Ransomware Attack by Gunra

April 8, 2026
Medusa Ransomware Attack Hits Brazilian University USCS and Staffing Firm WR Commercial

Medusa Ransomware Attack Hits Brazilian University USCS and Staffing Firm WR Commercial

November 25, 2025
CARSTAR Business Group Allegedly Hit by Sarcoma Ransomware

CARSTAR Business Group Allegedly Hit by Sarcoma Ransomware

July 14, 2025

Popular Stories

  • SudamericaData Breach Exposes Over 1TB of Argentine Records

    SudamericaData Breach Exposes Over 1TB of Argentine Records

    0 shares
    Share 0 Tweet 0
  • Threat Actor Claims Sale of Dell Database Containing 49 Million Customer Records

    0 shares
    Share 0 Tweet 0
  • SUUMO, CHINTAI, At Home, HOME’S Suffer Data Breach

    0 shares
    Share 0 Tweet 0
  • Financial Tech Giant SilverLake Axis Allegedly Breached – 423GB of Data for Sale

    0 shares
    Share 0 Tweet 0
  • Telekom Serbia Investigates Leak of 160,000 Customer Records

    0 shares
    Share 0 Tweet 0
Daily Dark Web

Disclaimer: Daily Dark Web (DDW) is an independent media platform providing information, analysis, and reporting on cybersecurity, cyber incidents, and related digital developments. All content published on this website is for informational and journalistic purposes only. DDW does not support, endorse, or promote any illegal activities, threat actors, or organizations referenced in its content. Any statements, claims, or opinions expressed by third parties, including interview subjects, are their own and do not reflect the views of DDW. Such content may include unverified information and should be interpreted critically. DDW does not participate in, facilitate, or coordinate any activities discussed or referenced on this platform. Under no circumstances should any content be interpreted as encouragement, instruction, or endorsement of unlawful actions. All interactions and publications are conducted in the public interest to enhance awareness and understanding of the evolving cyber landscape.

No Result
View All Result
  • About Us
  • Home
  • Newsletter
  • Privacy Policy

Disclaimer: Daily Dark Web (DDW) is an independent media platform providing information, analysis, and reporting on cybersecurity, cyber incidents, and related digital developments. All content published on this website is for informational and journalistic purposes only. DDW does not support, endorse, or promote any illegal activities, threat actors, or organizations referenced in its content. Any statements, claims, or opinions expressed by third parties, including interview subjects, are their own and do not reflect the views of DDW. Such content may include unverified information and should be interpreted critically. DDW does not participate in, facilitate, or coordinate any activities discussed or referenced on this platform. Under no circumstances should any content be interpreted as encouragement, instruction, or endorsement of unlawful actions. All interactions and publications are conducted in the public interest to enhance awareness and understanding of the evolving cyber landscape.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?