- Hackers allegedly leaked data from 5 million Qantas customers after failed extortion attempt
- Attackers utilized Salesloft-Salesforce integrations to access and steal customer data
- 44 companies were affected, including Disney, Toyota, McDonald’s and Vietnam Airlines
Australia’s largest airline, Qantas, is one of 44 companies whose sensitive customer data ended up on the dark web. Now, several cyber criminals have easy access to contact and aircraft information about millions of people they can use for phishing, identity theft, fraud and other attacks.
Last summer, a group of hackers who went by the name scattered lapsus $ broke into Salesforce accounts that belonged to hundreds of organizations in various industries -though Salesforce himself was not broken.
The attackers compromised Salesloft accounts that were integrated with Salesforce and utilized the Linked API -Tokens and OAuth connections to turn in Salesforce environments and exfilter customer data.
“Don’t be the next headline”
The group tried to pressure Qantas for money and offer to delete the stolen files in exchange. However, the airline even refused to discuss the matter with attackers and told Guardian Australia that it “will not engage, negotiate with or pay any extortion demand”.
In response, scattered lapsus released $ hunters the stolen files on the dark web. The archive includes personal items of 5 million Qantas customers, including people’s names, e -mail addresses, phone numbers, birth dates and frequent aircraft numbers. Credit card information, financial information and passport information were not stolen, it was said.
“Don’t be the next headline, should have paid ransom,” the group announced on its data leakage.
But apparently, Qantas is not the only company whose data was leaked in this wave. With reference to analysts at Cybersecurity Outfit Intel 471, The Guardian reported that 44 companies were included in the leak and among them are Gap, Vietnam Airlines, Toyota, Disney, McDonald’s, Ikea and Adidas.
Scattered lapsus $ hunters are a group consisting of members of scattered spider, lapsus $ and shinyhunters. Shortly after the violation of Salesloft/Salesforce, they announced “to go dark”, as the Cyber Security Community interpreted as fear of too much advertising. Obviously, it didn’t last long.
Via The Guardian
Follow Techradar on Google News and Add us as a preferred source To get our expert news, reviews and meaning in your feeds. Be sure to click the Follow button!
And of course you can too Follow Techradar at Tiktok For news, reviews, unboxings in video form and get regular updates from us at WhatsApp also.
