
Hackers Claim Theft of Nearly 1 Billion Salesforce Records in UK Retail Attacks

News Mania Desk / Piyal Chatterjee / 4th October 2025

A hacker group known as Scattered LAPSUS$ Hunters has claimed responsibility for stealing nearly one billion records from Salesforce by targeting multiple UK retailers. The group, reportedly affiliated with the broader LAPSUS$ cybercrime network, says it accessed extensive personal information not through a direct breach of Salesforce itself but via social engineering tactics aimed at the company’s users.

The hackers allegedly employed methods such as vishing—voice-based phishing—and manipulated customer support staff into installing malicious tools, including a tampered version of Salesforce’s Data Loader, which allowed them to extract bulk data. On Friday, the group launched a dark web leak site listing around 40 organizations it claims to have compromised. While the figures are staggering, the authenticity of the purported billion-record haul has not been independently verified, and it remains unclear whether all listed companies are Salesforce clients.

Salesforce has denied any breach of its platform, stating there is “no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.” Despite this, cybersecurity experts are closely monitoring the situation. Google’s Threat Intelligence Group tracks the group under the designation UNC6040 and has previously flagged its social-engineering tactics.

Scattered LAPSUS$ Hunters has also claimed responsibility for previous cyberattacks on British retailers, including Marks & Spencer, Co-op, and Jaguar Land Rover. The stolen information reportedly includes personally identifiable data, raising concerns about potential identity theft and fraud.

Security specialists are advising organizations using Salesforce to review their security protocols, implement stricter verification procedures, and educate employees on recognizing phishing and other social-engineering attacks. The incident underscores the growing threat posed by cybercriminal groups exploiting human vulnerabilities rather than technical flaws, highlighting the importance of vigilance and robust internal controls in protecting sensitive corporate and customer data.

 
