Salesforce Resists Extortion Demand Amid 1 Billion Records Breach
On October 8, 2023, Salesforce, a leading cloud-based service provider, publicly stated that it would not pay the extortion demand made by a criminal group that claimed to have stolen nearly one billion records from its customers. This threat group, identified by cybersecurity firm Mandiant as Scattered LAPSUS$ Hunters, has been carrying out a campaign since May, targeting organizations that store data on the Salesforce platform. The group’s method involves making voice calls to these organizations and presenting a fabricated scenario that convinces recipients to connect an attacker-controlled application to their Salesforce portal. Many recipients have fallen for this ruse, giving the attackers access to sensitive data.
In a recent development, the group created a website listing 38 companies, including notable names such as Toyota and FedEx, which were supposedly affected by the data breach. The website, which serves as a platform for the ransom demand, asserts that the stolen data could be leaked if Salesforce does not meet the demand. The criminals have set a strict deadline for payment, which expires on Friday, October 13, 2023. Salesforce, however, has not engaged in any negotiations with the hackers, reaffirming its policy of not paying ransoms and of prioritizing cybersecurity measures over compliance with such demands.
The decision by Salesforce not to pay the ransom has sparked discussions about the broader implications for corporate cybersecurity practices and the increasing sophistication of cybercriminals. Cybersecurity experts suggest that while refraining from ransom payments is a positive stance, companies must also implement robust security measures to prevent such breaches in the first place. The incident has raised concerns about the potential for significant financial and reputational damage for affected companies, with some experts estimating the potential cost of a data breach of this scale to be in the millions of dollars. As the situation continues to develop, the cybersecurity community is closely monitoring the actions of both Salesforce and the threat group to assess the impact on global cybersecurity practices and corporate response strategies.