Hackers have released stolen data belonging to US insurance giant Allianz Life, exposing 2.8 million records with sensitive information on business partners and customers in the ongoing Salesforce data theft attacks.
Last month, Allianz Life disclosed that it suffered a data breach when the personal information of the “majority” of its 1.4 million customers was stolen from a third-party, cloud-based CRM system on 16 July.
While the company did not name the provider, BleepingComputer earlier reported that the incident was part of a wave of Salesforce-targeted data theft carried out by an extortion group.
Over the weekend, ShinyHunters and other threat actors claiming overlap with “Scattered Spider” and “Lapsus$” created a Telegram channel called “ScatteredLapsuSp1d3rHunters” to taunt cybersecurity researchers, law enforcement, and journalists while taking credit for a string of high-profile breaches.
Many of these attacks had not previously been attributed to any threat actor, including the attacks on Internet Archive, Pearson, and Coinbase.
One of the attacks claimed by the threat actors is the one on Allianz Life, for which they proceeded to leak the complete databases stolen from the company’s Salesforce instances.
These files contain the Salesforce “Accounts” and “Contacts” database tables, which hold about 2.8 million data records for individual customers and business partners, such as wealth management companies, brokers, and financial advisors.
The leaked Salesforce data includes sensitive personal information, such as names, addresses, phone numbers, dates of birth, and tax identification numbers, as well as professional details such as licenses, firm affiliations, product approvals, and marketing classifications.
BleepingComputer has been able to confirm with multiple people that their data in the leaked files is accurate, including their phone numbers, email addresses, tax IDs, and other information contained in the database.
BleepingComputer contacted Allianz Life about the leaked database but was told that the company could not comment as the investigation is ongoing.
Salesforce data theft attacks
The Salesforce data theft attacks are believed to have started at the beginning of the year, with the threat actors conducting social engineering attacks to trick employees into linking a malicious OAuth app with their company’s Salesforce instances.
Once the app was linked, the threat actors used the connection to download and steal the databases, which were then used to extort the company via email.
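The sequence described above (a user authorizes an unfamiliar OAuth app, which then bulk-reads CRM tables) can be hunted for by correlating the two events. The following is an added example, not code from the article or from Salesforce; the event schema, app names, allowlist, and thresholds are hypothetical, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized schema
# (not Salesforce's own log format).
EVENTS = [
    {"ts": "2025-01-10T14:02:00", "type": "oauth_grant", "user": "jdoe", "app": "Data Loader Helper"},
    {"ts": "2025-01-10T14:09:00", "type": "api_query", "user": "jdoe", "app": "Data Loader Helper", "object": "Account", "rows": 120000},
    {"ts": "2025-01-10T14:20:00", "type": "api_query", "user": "jdoe", "app": "Data Loader Helper", "object": "Contact", "rows": 250000},
    {"ts": "2025-01-10T09:00:00", "type": "oauth_grant", "user": "asmith", "app": "Approved Sync"},
    {"ts": "2025-01-10T09:30:00", "type": "api_query", "user": "asmith", "app": "Approved Sync", "object": "Contact", "rows": 300000},
    {"ts": "2025-01-09T11:00:00", "type": "oauth_grant", "user": "mlee", "app": "Quick Notes"},
    {"ts": "2025-01-09T11:05:00", "type": "api_query", "user": "mlee", "app": "Quick Notes", "object": "Contact", "rows": 40},
]

ALLOWED_APPS = {"Approved Sync"}            # hypothetical allowlist of vetted connected apps
SENSITIVE_OBJECTS = {"Account", "Contact"}  # the tables named in the leak
WINDOW = timedelta(hours=24)                # how long after the grant to watch the app
ROW_THRESHOLD = 10_000                      # assumed cut-off for "bulk" reads

def find_suspicious_grants(events, allowed=ALLOWED_APPS):
    """Flag grants of non-allowlisted apps followed by bulk reads of sensitive objects."""
    events = sorted(events, key=lambda e: e["ts"])
    findings = []
    for g in (e for e in events if e["type"] == "oauth_grant"):
        if g["app"] in allowed:
            continue  # vetted integrations are expected to move data
        start = datetime.fromisoformat(g["ts"])
        rows = {}
        for q in events:
            if q["type"] != "api_query" or (q["user"], q["app"]) != (g["user"], g["app"]):
                continue
            if q["object"] not in SENSITIVE_OBJECTS:
                continue
            if start <= datetime.fromisoformat(q["ts"]) <= start + WINDOW:
                rows[q["object"]] = rows.get(q["object"], 0) + q["rows"]
        total = sum(rows.values())
        if total >= ROW_THRESHOLD:
            findings.append({"user": g["user"], "app": g["app"],
                             "granted": g["ts"], "rows": rows, "total": total})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_grants(EVENTS):
        print(finding)
```

Only the non-allowlisted app that pulled both tables shortly after being authorized is reported; the vetted integration and the low-volume app are not.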
The extortion demands were sent to the companies via email and were signed as coming from ShinyHunters. This notorious extortion group has been linked to several high-profile attacks over the years, including those against AT&T, PowerSchool, and the Snowflake attacks.
While ShinyHunters is known to target cloud SaaS applications and website databases, they are not known for these types of social engineering attacks, causing many researchers and the media to attribute some of the Salesforce attacks to Scattered Spider.
However, ShinyHunters told BleepingComputer that the “ShinyHunters” group and “Scattered Spider” are now one and the same.
“As we have already said repeatedly, ShinyHunters and Scattered Spider are one and the same,” ShinyHunters told BleepingComputer.
“They provide us initial access and we conduct the dump and exfil of the Salesforce CRM instances. Like we did with Snowflake.”
It is also believed that many of the group’s members share their roots in another hacking group, known as Lapsus$, which was responsible for several attacks in 2022-2023, before some of its members were arrested.
Lapsus$ was behind breaches at Rockstar Games, Uber, 2K, Okta, T-Mobile, Microsoft, Ubisoft, and NVIDIA.
Like Scattered Spider, Lapsus$ was also adept at social engineering attacks and SIM swap attacks, allowing them to breach multiple billion- and trillion-dollar companies.
Over the years, there have been many arrests linked to all three collectives, so it is not clear whether the current threat actors are old threat actors, new ones who have picked up the mantle, or are simply using these names to plant false flags.