- ShinyHunters claim theft of 1.5 billion items from 760 global companies
- Attackers utilized GitHub secrets to access sensitive Salesforce object tables
- FBI released warnings as hacker groups announced that they had “gone dark”
ShinyHunters have finally revealed how much data they stole in the Salesloft/Salesforce attack, claiming to have taken 1.5 billion items from 760 companies worldwide.
In March 2025, threat actors from three groups (ShinyHunters, Lapsus$ and Scattered Spider) came together and breached Salesloft’s GitHub repository containing the company’s source code. Using the TruffleHog secret-scanning tool, they scanned the code for secrets and found OAuth tokens for the Salesloft Drift and Drift Email platforms.
From there, they were able to access different Salesforce object tables that belonged to different companies. These tables, labeled “Account”, “Contact”, “Case”, “Opportunity” and “User”, contained all sorts of sensitive files that the attackers managed to exfiltrate.
Waiting for confirmation
The majority (579 million) is from the Contact table. Case was the second-largest compromised table with 459 million items, followed by Account (250 million), Opportunity (171 million) and User (60 million).
To prove their claims, ShinyHunters shared a text file listing the source code folders. So far, Salesforce has not commented on these claims.
We have reached out to Salesforce and will update the article if we hear back. A source told BleepingComputer that the numbers are accurate.
Whether the criminals have bitten off more than they can chew remains to be seen.
Following the incident, the FBI issued a security advisory warning companies about UNC6040 and UNC6395 (how it tracks the groups) and sharing known indicators of compromise (IOCs).
At the same time, the groups announced that they had “gone dark”, which some cybersecurity companies interpreted as a sign that they were afraid of the rising attention they have received.
If these claims turn out to be true, this would put the incident on par with the 2023 MOVEit Managed File Transfer (MFT) fiasco, which affected thousands of organizations and millions of users around the world.
Via BleepingComputer



