Salesforce has unequivocally stated that it will neither engage in negotiations nor pay any ransoms to the cyber-threat collective responsible for launching extensive data-theft attacks on its clientele. Furthermore, the company has issued a stern warning to the attackers, asserting that legal proceedings will be initiated if the stolen data is publicly disclosed.
The hacker group, known as 'Scattered Lapsus$ Hunters,' has established a data-leakage website with the intention of extorting 39 companies whose data has been compromised. Among the affected entities are well-known names such as FedEx and Disney. The group boasts of having pilfered close to 1 billion data records and is threatening to make them public unless the targeted companies pay up.
These stolen data records are the result of two separate attacks on Salesforce systems in 2025. In late 2024, the attackers employed social engineering tactics to deceive employees into connecting to malicious OAuth applications, thereby facilitating data theft. Then, in early August 2025, they utilized OAuth tokens stolen from the SalesLoft Drift platform to execute a data-leakage operation.
Members of the hacker group claim to have exfiltrated approximately 1.5 billion data records from over 760 enterprises. Several companies have already confirmed that they have been impacted by these attacks.
The data-leakage website, which recently became operational, was initially used to extort victims of the first wave of attacks. However, it has since been shut down. Interestingly, the DNS server used for its domain name was previously employed by the FBI to seize illegal domain names. BleepingComputer reached out to the FBI for comment, but as of now, has not received any response.