A well-known English-speaking hacking group has launched a website to extort its victims, threatening to release around a billion records from companies that store customer data in cloud databases hosted by Salesforce.
The loosely organized group, known variously as Lapsus$, Scattered Spider, and ShinyHunters, has published a dedicated data leak site on the dark web called Scattered LAPSUS$ Hunters.
The website, first discovered by threat intelligence researchers on Friday and seen by TechCrunch, aims to pressure victims to pay hackers to prevent stolen data from being published online.
“Please contact us to regain control over data governance and prevent data from being published,” reads the site. “Do not enter the following headings. All communications require strict verification and will be processed at discretion.”
Over the past few weeks, the ShinyHunters gang has allegedly hacked dozens of well-known companies by infiltrating their cloud-based databases hosted by Salesforce.
Insurance giant Allianz Life, Google, fashion conglomerate Kering, airline Qantas, carmaking giant Stellantis, credit bureau TransUnion, and employee management platform Workday have confirmed that their data was stolen in these mass hacks.
The hackers' leak site lists several victims, including FedEx, Hulu (owned by Disney), and Toyota Motors.
It is not clear whether companies known to have been hacked but not listed on the hacking group's leak site have paid a ransom to the hackers to prevent their data from being released. Representatives of ShinyHunters did not immediately respond to messages from TechCrunch.
At the top of the site, the hackers mention Salesforce and demand that the company negotiate a ransom, otherwise “all customers” [sic] data will be leaked. The tone of the message suggests that Salesforce has not yet engaged with the hackers.
A Salesforce spokesman did not respond to TechCrunch's outreach or to questions about the breaches.
For weeks, security researchers have speculated that the group, which was historically publicly available online, had planned to publish a data leak website to extort its victims.
Historically, such websites have often been associated with Russian-speaking ransomware gangs. Over the past few years, these organized cybercriminal groups have evolved from stealing and encrypting victims' data and privately demanding a ransom to threatening to publish the stolen data online unless they are paid.