ShinyHunters
-
FBI warns of UNC6040 and UNC6395 hackers targeting Salesforce to steal data and extort victims
The FBI has issued a FLASH alert about UNC6040 and UNC6395 hacking groups that are compromising Salesforce environments to steal data and extort victims, releasing IOCs to aid defense efforts across organizations and multiple cloud platforms.
-
Wealthsimple reports data breach affecting under 1% of customers; breach tied to third‑party software in suspected supply‑chain attack
Wealthsimple disclosed a data breach affecting less than 1% of its customers, with attackers accessing personal data but not funds or passwords. The breach is linked to a compromised third-party software package and is being treated as part of a broader Salesloft supply-chain attack. The firm is offering two years of free credit monitoring and…
-
Public appsettings.json leak exposes Azure AD credentials, enabling potential cloud access
Researchers from Resecurity’s HUNTER team warn that a publicly accessible appsettings.json file leaked Azure AD credentials (ClientId and ClientSecret), potentially enabling attackers to authenticate via OAuth 2.0 and access an organization’s Azure cloud resources; the incident underscores the ongoing risk of cloud-secret exposure and the need for strong secret-management practices.
-
Salesloft breach linked to theft of Drift OAuth tokens used to access Salesforce, Google says UNC6395 behind attack
Hackers breached Salesloft to steal Drift OAuth and refresh tokens used for Salesforce integration, enabling data exfiltration from customer environments. Google’s threat intelligence attributes the activity to UNC6395 and notes credential theft across cloud services, with administrators urged to rotate credentials and reauthenticate Drift-Salesforce connections.
-
Google Confirms Data Breach Linked to Ongoing Salesforce Attacks
Google has confirmed that it suffered a data breach linked to the ShinyHunters extortion group, amidst an ongoing series of Salesforce data theft attacks that have implicated multiple high-profile companies.
-
Chanel Faces Data Breach Amid Ongoing Salesforce Security Threats
Chanel has confirmed a data breach impacting U.S. customers, linked to a series of ongoing Salesforce data theft attacks. The breach has raised concerns about security practices within the fashion industry as companies increasingly fall prey to sophisticated cyber threats.
-
Allianz Life Reports Data Breach Affecting Majority of Customers
Allianz Life confirms a data breach, linked to the ShinyHunters extortion group, that has compromised the personal information of the majority of its 1.4 million customers.
-
French Police Arrest Five Alleged BreachForum Operatives in Major Cybercrime Crackdown
French authorities have arrested five suspected operators of the BreachForum cybercrime forum, known for its role in trading stolen data affecting millions of individuals. The arrests were made during police raids in multiple regions.
-
Google Warns of Data Extortion Attacks Targeting Salesforce Accounts
Google has alerted companies using Salesforce to the rise of social engineering attacks targeting their platforms, warning that hackers claiming affiliation with the ShinyHunters extortion group are using advanced phishing tactics to steal sensitive data.