Cyber Analysis Group - CyberAGroup - OSINT Darkweb Investigations  - Insider Threat - Crypto - Online threat & exposure - SOCMINT - Canadian

‹ Back

The Salesforce data leak involved unauthorized access to Salesforce customer cloud instances. The group responsible, Scattered LAPSUS$ Hunters, claimed to have "989.45m/~1B+ records" from companies including Toyota, FedEx, Google, Walgreens, Adidas, Disney/Hulu, and others.

Initially, Scattered LAPSUS$ Hunters released data from six companies: Qantas, Vietnam Airlines, Albertsons, GAP, Fujifilm, and Engie Resources after their unsuccessful ransomware attempt against Salesforce.

Currently, a user on a Dark web forum is offering to sell data from an "exclusive Adidas Salesforce breach" which "contains 2.3 million customer records". The same user is also offering "an exclusive Chanel partial breach from the 2025 Salesforce compromise by Scattered LAPSUS$ Hunters" which "contains 1.1M customer records".

While it was initially hoped that the compromise was limited to the six companies whose data was disclosed, if the potential sale of Adidas and Chanel data is legitimate, more damaging disclosures are likely forthcoming.