'Retired' Scattered LAPSUS$ Hunters resurface with leak site
Briefly

"'We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities,' the advisory said. 'Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support,' it continued. 'At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.'"
"Prior to the leak site going live on Friday, Google and Salesforce notified organizations believed to be affected. In August, a campaign abusing OAuth tokens via Salesloft's Drift integration came to light, allowing attackers to access numerous companies' Salesforce instances - Cloudflare says the compromise hit 'hundreds' of organizations - and steal customer data. Google Threat Intelligence Group later confirmed the attacks, while Salesloft brought in Chocolate Factory's Mandiant incident response team to investigate the Drift campaign."
A crew calling itself Scattered LAPSUS$ Hunters reemerged with a data-leak site listing about 40 companies' Salesforce environments and demanded $989.45 to prevent publication of roughly one billion claimed records. The group set an October 10 deadline for Salesforce to negotiate payment or face customer data leaks. Salesforce stated recent extortion attempts relate to past or unsubstantiated incidents, affirmed no indication the platform has been compromised, and said it is supporting affected customers. Earlier OAuth token abuse via Salesloft's Drift integration allowed attackers to access numerous Salesforce instances, with hundreds of organizations reportedly impacted and investigations ongoing.
Read at The Register