Scattered LAPSUS$ Hunters
Salesforce
We highly advise you proceed into the right decision, your organisation can prevent the release of this data, regain control over the situation and all operations remain stable as always. We highly recommend a decision-maker to get involved as we are presenting a clear and mutually beneficial opportunity to resolve this matter.
Industry: SaaS/CRM
Data volume: Multiple TBs
Compromise date: MID 2024
Deadline: 10-10-2025
Status: Active
Compromised Data Overview

This message serves as formal notification that Salesforce, Inc. has been hacked by us and faced a major information security breach.

Near 1 billion records containing sensitive Personally Identifiable Information (PII) have been exfiltrated from your systems.

The processed data we took includes information subject to a lot of privacy regulations. As we have it in our possession, you are directly facing cross-border legal exposure.

Other records hold strategic value, which could compromise Salesforce, Inc.’s market position if released.

We also dumped over 100+ other unnamed instances because you do not enforce 2FA or any other type of OAuth Apps security.

Failure to meet these demands will ultimately have us release all of the compromised data and you will be dealing with the escalation of all consequences described above. Because you had no preventive measures in place you will be dealing with them a lot.

A lot more information about full lists of companies and each of their data samples can be provided to you, if requested.

Unless you comply with our demand, as of 10/10/25 (deadline), we will be openly complying with the many law firms that are pursuing civil and commercial litigation against you. Specifically, we will be cooperating with the Berger Montague Law Firm if you do not comply with our request. Not only will we provide them with full lists of affected companies along with the information on the breach and data samples of each affected company, we will also be contacting said companies and affected individuals from each company with instructions to aid law firms with their lawsuits against your company.

We will also be documenting publicly how your company made little to no attempt to prevent unauthorised access to PII, which contained, including but not limited to, Driver Licenses, Dates of Birth, Social Security Numbers, and more. For example, we e-mail taunted you from shinygroup[at]tuta[.]com in July 2025 and you never took any further preventative action to stop us. This especially proves our point; it would be bad if we went public with this and showed proof.

We will also be submitting a full document, with clear outlines of how your company as a data controller under European GDPR and many other similar laws such as CCPA, HIPAA, etc. could have, over our year long campaign, prevented such intrusions and data-thefts.

This document will contain technical details regarding how our attacks were conducted, the fingerprint of our requests and how this clear defined pattern of networking traffic could have been easily blocked. This document will contain specific details regarding; number of US, Californian, European, and many other global citizens affected from mainly data violation strict countries like South Korea and China, along with the fields of data exposed.

Lastly, our documentation will also include and suggest that there are grounds for Criminal Negligence charges. Salesforce had a duty of care, of implementing reasonable security measures to prevent these simple data breaches. Salesforce was provided the intelligence of the attacks taking place, the time and opportunity to make a reasonable effort to prevent these attacks. Considering that these attacks took place over many months, we believe that you have been criminally negligent to these attacks taking place.

Our documentation will be directly provided to the UNITED STATES DISTRICT OF NORTHERN DISTRICT OF CALIFORNIA, we will engage in open dialogue with our press contacts, civil/commercial litigation lawyers, and answering any questions asked.

As you have likely been informed by your lawyers, you are responsible as a data processor to take all measures pursuant to Article 32 of GDPR; section 2, in assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed. As our campaign spans over a full year period, it is correct to say that you had time to assess your liabilities and risks, and then take all measures pursuant to that same article, under Section 2.

As you know all of this can be avoided. Very easily and swiftly.

To reiterate, we have full access to your systems, should the ransom demand not be met, your data will be released in full.

Should you comply, we will withdraw from any active or pending negotiation individually from your customers. Your customers will not be attacked again nor will they face a ransom from us again, should you pay. We are able to thoroughly elaborate more on this if you engage with us.

enterprise-grade data handling and customer care.
Specializing in high-value corporate data acquisition and strategic breach operations. Our expertise spans across automotive, financial, insurance, technological, telecommunications, ISPs, and multiple other sectors worldwide. We help you regain control.