Massive Salesforce Data Breach Hits 1M Customers

A well-known hacking group says it has stolen about one billion records from companies using Salesforce cloud databases. The criminals have launched a dark web site where they threaten to leak the data unless victims pay up.

The group has gone by several names over the years, including Lapsus$, Scattered Spider, and ShinyHunters. Their new site is called Scattered LAPSUS$ Hunters. Researchers first spotted the site on Friday. It contains ransom notes urging companies to make contact. The hackers warn: Do not be the next headline.

In recent weeks, ShinyHunters reportedly broke into dozens of major companies by exploiting Salesforce-hosted databases. Allianz Life, Google, luxury giant Kering, Qantas Airways, Stellantis, TransUnion, and Workday have all confirmed data was stolen. The leak site also lists FedEx, Hulu, and Toyota as victims, though those firms have not commented.

The hackers claim that more companies were breached but not listed. A representative told researchers there are “numerous other companies” involved but refused to explain why they remain unnamed. This has raised speculation that some may have paid ransom to avoid exposure.

At the top of the leak site, the hackers singled out Salesforce itself. They demanded direct talks and threatened to leak “all your customers data” if ignored. Their tone suggests that Salesforce has not engaged with them.

Salesforce spokesperson Nicole Aranda pointed to the company’s official statement. The statement said there is no evidence the Salesforce platform itself was breached. “Our findings indicate these attempts relate to past or unsubstantiated incidents,” Salesforce noted. The company added that it continues to support affected customers and stressed that no known vulnerability in its technology was exploited.

For years, researchers have expected this group to launch a public data leak site. Many ransomware gangs now follow this model. Instead of encrypting systems and asking quietly for ransom, they publish threats to expose stolen data. This public extortion increases pressure on companies to pay.

The claim of one billion stolen records is staggering. If confirmed, it would rank among the largest corporate data breaches ever recorded. With household names already involved, the attack highlights how fragile cloud databases can be when targeted by skilled hackers.