A notorious main English -speaking Hacking Group launched a website to remove its victims, threatening to release a billion records stolen from companies storing their customers’ data hosted by salesfors.
The relaxed group, known as Lapsus $, scattered Spider and Shinoors, has published a dedicated data leak site on the dark web, called scattered lapsus $ Hunters.
The website, which was first seen by the threats on Friday by intelligence researchers and seen by Techcrunch, is to pressurize the victims to pay the hackers to avoid publishing their stolen data online.
“Contact us to gain control over data regime and prevent public disclosure of your data,” reads the site. “Don’t be the next title. All communications demand strict verification and it will be handled with discretion.”
In the last few weeks, the Shinyhunters gang allegedly hacked dozens of high-profile companies by breaking into its cloud-based database hosted by Salesforce.
Insurance giant Allianz Life, Google, Fashion Group Kairing, Airline Qantas, Carmecating Giant Salentis, Credit Bureau Transunion, and Employees Management Platform Workday, among many others, they confirmed that their data was stolen in these mass hacks.
Many alleged victims have been listed in the hackers’ leaked site, including Fedex, Hulu (ownership of Disney), and Toyota Motors, none of which responded to the request for comment on Friday.
It is not clear whether companies have been hacked, but not listed on the leaked site of the hacking group, has paid ransom to hackers to prevent its data from publishing. When arrived by Techcrunch, a representative of shinyhunters said, “There are many other companies that have not been listed,” but refused to say why.
At the top of the site, hackers refer to salesforce and demand that the company interacts on a ransom, threatening that otherwise “all your customers (SICs) will leaked data.” The voice of the message shows that the salesforce is not yet associated with hackers.
Salesforce spokesperson Nicole Aranda provided a link for the company’s statement, stating that the company is “aware of the recent recovering efforts by the danger actors.”
“Our findings indicate that these efforts are related to past or unrelated events, and we are associated with the affected customers to provide support,” Reads the statement“At this time, there is no indication that the salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.”
Aranda refused to comment further.
For weeks, security researchers have estimated that the group, which historically left a public presence online, planned to publish a data leak website to get their victims out.
Historically, such websites are associated with foreign, often dandruff, ransomware gangs. Over the years, these organized cyber crime groups have developed from stealing, asking their victim’s data and then asking for ransom privately, just threatening to publish the stolen data online until they pay.
Updated with comments from shinyhunters and comment from salesforce.
