Salesforce Stands Firm, Refuses to Pay Ransom After Billion-Record Breach

SAN FRANCISCO – Salesforce has declared it will not negotiate with a cybercrime group ⁣that claims to have stolen approximately one billion ‌records from dozens of its customers. The threat group, known as Scattered LAPSUS$ Hunters, ⁣demanded a ransom payment from Salesforce, threatening ‍to leak the stolen data if their demands‌ weren’t met.

The breach originated with voice calls initiated in May, ‍according ​to a ​report from Google-owned Mandiant. These calls targeted organizations utilizing the Salesforce platform. Attackers, speaking English, reportedly‍ used social engineering tactics to​ convince employees to connect an attacker-controlled ⁤submission to⁢ their Salesforce ​portals. Mandiant noted that a important number of recipients complied⁤ with these requests.

Earlier this month, ​Scattered LAPSUS$ Hunters publicly⁣ named several affected companies, including Toyota and FedEx, along with 37 ​others, on a dedicated ⁤website. The group claims to have recovered ​”989.45m/~1B+” records. The website explicitly stated, “Nobody else will have to pay us, if you pay, ‌Salesforce, Inc.” ‍and set a payment deadline of Friday.

Salesforce has confirmed the breach and its refusal to ⁤pay the ransom.The company’s⁣ decision reflects a growing trend among ‍major corporations to resist paying extortion demands, even in the face of substantial data compromises, to avoid incentivizing further⁣ attacks.

This incident underscores⁢ the increasing sophistication of cybercriminals and the ‌vulnerability of even large, well-protected organizations to​ social‌ engineering attacks. ⁣ ​Experts warn that businesses must prioritize employee training and robust security protocols to mitigate the risk of similar breaches.