Image by Compare Fibre on Unsplash
When a cybercrime group shows up with nearly a billion stolen records and demands a ransom, you might expect a big tech company to quietly settle. Not this time. Salesforce is taking a stand—and it’s making headlines.
What Happened?
A threat group calling itself “Scattered LAPSUS$ Hunters” claims to have hijacked around 1 billion records from more than 39 Salesforce customers. This group isn’t random—they’re borrowing credibility (and probably techniques) from well-known cyber-extortion groups like Scattered Spider, LAPSuS$, and ShinyHunters.
Back in May, this campaign started with a sneaky trick. Attackers made voice calls to organizations using Salesforce. The callers pretended there was some urgent need to install a custom app, which, of course, they controlled. Unfortunately, many people on the receiving end of the calls trusted them—and let them in.
The result? Massive data theft.
The Group’s Message: Pay Up or the Data Goes Public
Earlier this month, the group launched a public extortion site listing names of major companies targeted, including Toyota and FedEx—plus 37 others.
They claimed to hold 989 million records. That’s nearly one for every person in the U.S. and European Union combined.
Their message to Salesforce was clear: Pay us, and no one else has to. Ignore us, and we start leaking customer data. The deadline? Friday.
Image by Glen Carrie on Unsplash
Salesforce Says Nope
Salesforce, for its part, is refusing to play along. In an email sent Wednesday, the company said:
“Salesforce will not engage, negotiate with, or pay any extortion demand.”
The tech giant had also warned its customers in advance. According to a report by Bloomberg, Salesforce notified clients that it received credible intelligence indicating ShinyHunters was behind the threat to release the stolen data.
Why This Matters
This isn’t just about Salesforce. It’s the latest chapter in a wider rise in data extortion attacks. And it’s raising a big, uncomfortable question: Should companies pay these ransoms?
To put it in perspective, ransomware gangs raked in $813 million last year. That’s actually down from $1.1 billion in 2023, according to security firm Deepstrike. One group pocketed $75 million alone in a single hack targeting the drug distributor Cencora.
The payouts are massive. And the temptation to just “make the problem go away” is real.
But critics, like independent researcher Kevin Beaumont, are calling out this approach. He argues that paying ransoms fuels the cycle, encouraging more attacks.
“Corporations shouldn’t be directly funding organized crime,” Beaumont posted on Mastodon, referring to the UK’s National Crime Agency. “Break the cycle.”
However, he also noted some major organizations report that NCA members have shown up during ransom negotiations. So, it’s not always a black-and-white issue on the ground.
The Bigger Picture
Let’s be honest—it’s getting harder to defend against sophisticated, coordinated extortion like this. Attackers are skipping encryption and going straight to blackmail. That’s even harder to stop and harder to clean up.
Salesforce’s refusal to pay could send a powerful message. Or it might lead to some of their customers’ data surfacing in public leaks. Either way, it’s a turning point that other companies will be watching closely.
So, What Now?
Here’s what we know:
- Salesforce won’t pay the ransom.
- The attackers claim they’ve got nearly a billion records.
- The clock is ticking on the deadline to release customer data.
- And the rest of the tech world is watching how this plays out.
If there’s one takeaway here, it’s this: social engineering—like pretending to be a helpful voice on the phone—is still wildly effective. Even billion-dollar platforms can’t protect you if humans on the inside are tricked.
We’ll keep following this story.
Stay smart. Stay skeptical. And never install an app from a random cold caller.
Image by Claudio Schwarz on Unsplash
Keywords: Salesforce data breach, Scattered LAPSUS$ Hunters, ransomware, data extortion, cybersecurity threats, ShinyHunters, Salesforce hack, cybercrime, tech news, billion record breach
