Hackers Claim to Have Accessed Salesforce Cloud Databases

The group published a data leak site on the dark web and is using it to pressure dozens of large companies to pay the group, saying it will not publish their data if they do so, TechCrunch reported Friday (Oct. 3).

Asked about the group’s claims by TechCrunch, a Salesforce spokesperson provided a link to a Thursday (Oct. 2) statement posted on the software company’s site, according to the report.

In that informational message, Salesforce said it is aware of extortion attempts and has investigated those attempts with the help of external experts and authorities.

“Our findings indicate that these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support,” the company said in the message. “At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.”

Salesforce added that it is monitoring the situation and will provide its security teams to guide and support customers. The company also encourages customers to guard against phishing and social engineering attempts, recommending that they read its blog post on protecting against social engineering.

Google’s Threat Intelligence Group said in an Aug. 5 blog post that one of its Salesforce database systems, used to house contact information and related notes for small and medium-sized businesses, was breached by a hacking group.

“Analysis revealed that data was retrieved by the threat actor during a small window of time before the access was cut off,” Google said in its post. “The data retrieved by the threat actor was confined to basic and largely publicly available business information, such as business names and contact details.”

The blog post said the intelligence group suspected the hackers could be planning to “escalate their extortion tactics” by initiating a data leak site. The company added that it was monitoring the activity.