Yazılar

Hacker Group Claims Theft of Nearly 1 Billion Salesforce Records; Company Denies Breach

/in /tarafından

A hacker collective calling itself “Scattered LAPSUS$ Hunters” claims to have stolen nearly 1 billion records linked to Salesforce, the global cloud software giant, by targeting companies that use its platform. The group—believed to be behind recent ransomware attacks on major U.K. retailers including Marks & Spencer, Co-op, and Jaguar Land Rover—told Reuters the stolen data contains personally identifiable information (PII).

Salesforce, however, firmly denied that its systems were compromised. “At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology,” a company spokesperson said.

One hacker, identifying themselves as “Shiny,” told Reuters that the group did not directly hack Salesforce infrastructure but instead exploited its customers through “vishing”—a voice-phishing technique where attackers impersonate employees in calls to IT help desks to gain system access.

The group published a leak site on the dark web on Friday listing around 40 allegedly hacked companies, though it remains unclear how many are Salesforce clients. Both Salesforce and the hackers declined to confirm whether any ransom demands had been made.

In a June report, Google’s Threat Intelligence Group (TAG)—which tracks the hackers as “UNC6040”—said the group had been highly effective at deceiving employees into installing modified versions of Salesforce’s Data Loader, a proprietary tool used to import large volumes of customer data.

Google researchers also noted that the attackers’ infrastructure overlaps with an amorphous cybercriminal network known as “The Com”, a loosely connected ecosystem infamous for social engineering, ransomware, and even violent activity.

The claims come amid an ongoing U.K. police investigation into the earlier wave of cyberattacks that disrupted retail operations nationwide. In July, authorities arrested four individuals under 21 suspected of involvement in the breaches.

While Salesforce’s denial suggests its core systems remain intact, the episode underscores a growing cybersecurity challenge: attackers are increasingly bypassing well-secured platforms by manipulating the humans who use them.

As digital ecosystems become ever more interconnected, the breach—real or exaggerated—illustrates how even the most secure cloud providers can be dragged into the fallout of their customers’ weakest link: trust.

Britain’s Co-op Warns of $161 Million Profit Hit From Cyberattack

/in /tarafından

The Co-op Group, one of the UK’s most recognizable retailers, said on Thursday that a “sophisticated” cyberattack in April will reduce its annual profit by about £120 million ($161 million).

The 181-year-old, member-owned cooperative—which operates supermarkets, funeral services, legal, and insurance businesses—said it moved quickly to shut down several systems to contain the breach. That decision, however, caused major operational disruption, including shortages in food availability at stores.

The financial toll was clear in its latest results: for the first half of the year to July 5, revenue dropped by £206 million, while profit fell by £80 million. The company reported an underlying pre-tax loss of £75 million, compared with a £3 million profit a year earlier.

Finance chief Rachel Izzard said the full-year impact will total £120 million, with only limited insurance recovery. “We had the front-end elements of cyber insurance in place … but we don’t believe we will be claiming on insurance for back-end losses,” she explained.

Roughly £40 million of the second-half hit reflects new investments to strengthen cyber defenses. The Co-op’s Chief Digital and Information Officer, Rob Elsey, said attackers gained access through social engineering, impersonating a colleague to compromise their account—similar to a recent attack on Marks & Spencer.

The group’s food retail business, which generates the bulk of its revenue, slipped 1.6% to £3.6 billion, as it lost market share to rivals. Overall revenue was down 2.1% to £5.5 billion.

The company expects the rest of the year to bring continued pressure from high costs, global volatility, and intense competition, but still plans to open 30 new stores.