The Scattered LAPSUS$ Hunters extortion group has leaked millions of records allegedly stolen in a recent campaign targeting Salesforce customers.
The leak occurred days after the group, an offshoot of the notorious Lapsus$, Scattered Spider, and ShinyHunters hackers, claimed the theft of data from 39 Salesforce customers, threatening to leak it unless the CRM provider pays a ransom.
Salesforce, which stated that the extortion attempt is related to “past or unsubstantiated incidents”, refused to pay, and the hackers have published on their Tor-based leak site data allegedly pertaining to Albertsons, Engie Resources, Fujifilm, GAP, Qantas, and Vietnam Airlines.
The threat actors also provided links to the leaked data to paying users on a surface-web forum, and then published the data for free on another clear-net website.
In a statement on its website, Qantas, which obtained a court injunction to block access to the allegedly stolen information, confirmed it was analyzing the leak with the help of cybersecurity experts.
In July, the Australian airline said roughly 6 million customers might have been affected in the incident, after the attackers hit a third-party platform used by one of its contact centers and exfiltrated names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
“In July Qantas proactively advised all impacted customers of the types of their personal data that was contained in the impacted system and this has not changed,” the company said.
According to data breach notification service Have I Been Pwned, Scattered LAPSUS$ Hunters has just leaked data associated with roughly 7.3 million Vietnam Airlines accounts.
The information was apparently stolen from the company’s Salesforce instance in June this year and includes names, email addresses, phone numbers, dates of birth, and loyalty program details.
Although the hackers had named 39 victims and claimed to have stolen data from many other (unnamed) organizations, they leaked the data of only six victims.
When asked by followers on their Telegram channel about the remaining data, Scattered LAPSUS$ Hunters reportedly said it “can’t leak” any more data.
The hackers told DataBreaches.net that some of the victim organizations had paid a ransom but asked them not to remove their names from the leak site, “so they can protect themselves”. However, there’s no proof of that happening.
Ultimately, it is unclear why only six victims had their data leaked, but hackers in the past have been seen falsely claiming the possession of stolen data.
Last week, Scattered LAPSUS$ Hunters also claimed the theft of 19 million personal records from Australian telecommunications company Telstra, but the company quickly refuted the claim.
“We’ve investigated it, and the data has been scraped from public sources not Telstra systems. No passwords, banking details or personal identification data like driver’s license or Medicare numbers are included,” Telstra said.

