New Extortion Portal Leaks Stolen Salesforce Data

A hacker collective has launched an extortion portal following a massive supply chain attack that compromised Salesforce data from hundreds of companies. The attackers exploited a third-party integration provider, stealing OAuth tokens to gain widespread access to customer information. This sophisticated campaign combined social engineering and the abuse of stolen API tokens to exfiltrate sensitive business data at scale. The new portal now lists victims and threatens to publish their stolen data unless a ransom is paid. The incident serves as a stark reminder of the critical need for robust API security, token management, and vigilant third-party risk assessment.

Latest mentioned: 10-07

Earliest mentioned: 10-06

Sources

cyberscoop.com gbhackers.com cybersum.net

Also Read

Sophisticated Malware Targets WordPress E-commerce Sites

The Wordfence Threat Intelligence Team has discovered a complex malware campaign targeting WordPress e-commerce sites using the WooCommerce plugin. The malware, disguised as a rogue plugin, employs advanced encryption, fake images, and remote command access for persistent exploitation. It logs user credentials, establishes backdoors, and injects JavaScript skimmers into checkout pages to steal credit card data. The campaign is attributed to Magecart Group 12, known for their persistent credit card skimming activities.

10-31Read more →