Hackers responsible for major cyber attacks on Marks & Spencer and Jaguar earlier this year have claimed to have stolen one billion customer records from 39 global companies. The group, calling themselves Scattered Lapsus$ Hunters – an alliance of Scattered Spider, Lapsus$, and ShinyHunters – has allegedly demanded a ransom to be paid by 10 October or threatened to release the stolen data. The cyber criminals claim that major corporations, including Disney, FedEx, Google, Ikea, McDonald’s, Toyota, and Qantas Airways, were affected. They allege that the data was taken from systems hosted by Salesforce, accusing the software company of “criminal negligence” for failing to prevent the breach.
++ Meet the ‘Wolverine frog’ that snaps its own bones to grow claws
Salesforce, however, has denied that its systems were compromised, stating that the breaches resulted from social engineering attacks rather than any technical flaws in its software. “We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities,” a spokesperson said. “Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support.” Social engineering attacks typically involve tricking employees into revealing confidential information, such as login credentials, often through convincing phone calls or emails impersonating IT staff.
The hacking group reportedly shared samples of the stolen data on its Telegram channel, obtained during a months-long campaign targeting firms through social engineering tactics. Google, one of the affected companies, explained in an August blog post that the attackers had successfully breached networks by posing as IT support personnel. This approach was said to be “particularly effective” in English-speaking branches of multinational corporations, leading to the theft of sensitive credentials and Salesforce data.
++ Trump dismisses health rumours as ‘fake news’ during public return
Scattered Spider first gained notoriety after a series of high-profile cyber attacks on telecom companies in 2022, later expanding their operations to industries including finance, gaming, hospitality, and retail. UK victims are said to include M&S and Co-op, with total damages estimated in the hundreds of millions of pounds. A report by cybersecurity consultancy S-RM described the hackers as “predominantly native English-speaking cybercriminals – some as young as 16 – who have emerged from underground hacking communities.” The group is known for manipulating helpdesk staff into resetting employee accounts and for purchasing network access from brokers on the dark web.
