{"id":6582,"date":"2025-10-07T22:54:46","date_gmt":"2025-10-07T21:54:46","guid":{"rendered":"https:\/\/villpress.com\/?p=6582"},"modified":"2025-10-07T22:54:46","modified_gmt":"2025-10-07T21:54:46","slug":"salesforce-rejects-hacker-ransom","status":"publish","type":"post","link":"https:\/\/villpress.com\/fr\/salesforce-rejects-hacker-ransom\/","title":{"rendered":"Salesforce Rejects Hacker Ransom After Massive Data Breach"},"content":{"rendered":"<p><a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/villpress.com\/goto\/http:\/\/salesforce.com\/\">Salesforce<\/a> has made it clear, it won\u2019t bow to cybercriminals. The cloud computing giant announced on Tuesday, October 7, 2025, that it will not pay ransom to hackers responsible for a massive data breach exposing close to one billion customer records from dozens of major corporations.<\/p>\n\n\n\n<p>The attack, carried out by a hacker collective known as <em>Scattered Lapsus$ Hunters<\/em>, has shaken the enterprise software world. The group has threatened to release stolen data from 39 companies if Salesforce doesn\u2019t comply with its demands before the October 10 deadline.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A Sophisticated Supply Chain Attack<\/h2>\n\n\n\n<p>Security experts say the breach is among the most significant supply chain attacks in years. Interestingly, Salesforce\u2019s own systems were not directly compromised. Instead, the hackers exploited third-party integrations using OAuth tokens, particularly through Salesloft\u2019s Drift AI chatbot, to infiltrate Salesforce environments.<\/p>\n\n\n\n<p>According to a recent FBI flash alert, the attackers employed <em>vishing<\/em> (voice phishing) techniques, pretending to be IT personnel to trick employees into granting access to malicious applications inside company portals. The FBI warned that this method \u201cbypasses many traditional defenses such as MFA, password resets, and login monitoring.\u201d<\/p>\n\n\n\n<p>Between August 8 and 18, 2025, Google\u2019s Threat Intelligence Group reported that hackers leveraged compromised OAuth tokens to extract sensitive information, including AWS keys, Snowflake tokens, and user passwords, from Salesforce databases. Although they attempted to erase traces of their activity, audit logs captured key evidence for investigators.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Major Global Brands Affected<\/h2>\n\n\n\n<p>A dark web leak site launched on October 3 lists big names among the victims: Toyota, Disney, FedEx, Cisco, Google, Workday, and luxury brands such as Dior and Chanel. Cybersecurity firms like Cloudflare, Zscaler, and Palo Alto Networks have also confirmed being affected.<\/p>\n\n\n\n<p>Hackers claim to hold more than 1.5 billion records spanning 760 companies, including 254 million accounts and 579 million contacts. Reports suggest that firms like TransUnion, Workday, and Google have already acknowledged breaches linked to Salesforce integrations this year.<\/p>\n\n\n\n<p>Experts fear the exposed data could lead to targeted phishing campaigns, identity theft, and AI-driven attacks in the coming weeks.<\/p>\n\n\n\n<p>Also read: <a href=\"https:\/\/villpress.com\/salesforce-data-breach-2025-what-you-need-to-know-to-protect-your-business\/\">Salesforce Data Breach 2025: What You Need to Know to Protect Your Business<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Hackers Target Salesforce Directly<\/h2>\n\n\n\n<p>What makes this case even more alarming is the hackers\u2019 unusual strategy; they\u2019re demanding Salesforce itself pay to safeguard its customers\u2019 data. Their message on the extortion site reads, \u201cContact us to regain control of data governance and prevent public disclosure.\u201d<\/p>\n\n\n\n<p>Brian Soby, CTO of AppOmni, called the move \u201cthe first known instance where hackers threaten to use existing litigation against a software vendor as leverage.\u201d The group claims it will assist law firms pursuing GDPR lawsuits against Salesforce if its demands are ignored.<\/p>\n\n\n\n<p>Salesforce, however, remains resolute. The company stated that there is \u201cno evidence\u201d its core platform was compromised and described the ransom demand as tied to \u201cpast or unsubstantiated incidents.\u201d Salesforce continues to assist affected customers while working closely with cybersecurity agencies worldwide.<\/p>\n\n\n\n<p>With the ransom deadline looming, experts warn that the coming days could determine the scale of the fallout, and whether Salesforce\u2019s refusal marks a defining moment in corporate resilience against cyber extortion.<\/p>","protected":false},"excerpt":{"rendered":"<p>Salesforce has made it clear, it won\u2019t bow to cybercriminals. The cloud computing giant announced on Tuesday, October 7, 2025, that it will not pay ransom to hackers responsible for a massive data breach exposing close to one billion customer records from dozens of major corporations. The attack, carried out by a hacker collective known [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6583,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[529],"tags":[528],"ppma_author":[331],"class_list":{"0":"post-6582","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cybersecurity","8":"tag-salesforce-data-breach-2025"},"authors":[{"term_id":331,"user_id":1,"is_guest":0,"slug":"pastakutmanwen","display_name":"Villpress Insider","avatar_url":{"url":"https:\/\/villpress.com\/wp-content\/uploads\/2025\/05\/Logo.png","url2x":"https:\/\/villpress.com\/wp-content\/uploads\/2025\/05\/Logo.png"},"0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/posts\/6582","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/comments?post=6582"}],"version-history":[{"count":1,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/posts\/6582\/revisions"}],"predecessor-version":[{"id":6584,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/posts\/6582\/revisions\/6584"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/media\/6583"}],"wp:attachment":[{"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/media?parent=6582"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/categories?post=6582"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/tags?post=6582"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/villpress.com\/fr\/wp-json\/wp\/v2\/ppma_author?post=6582"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}