Google, Dior hit in massive Salesforce credential theft data attacks

You may have noticed that in the past few months, several companies have disclosed data breaches, including Google, Dior, and Allianz, and one of the names that came up in the most cases was Salesforce. The hackers did not directly penetrate the company’s networks or exploit vulnerabilities in Salesforce’s core software. Instead, they targeted tools and the people around them by tricking employees into giving them access, hacking third-party apps, and abusing excessively public permissions.

Once inside, they exfiltrated sensitive data from Salesforce environments on an unprecedented scale. Nearly a billion records have been stolen across dozens of organizations, and now cybercriminals are blackmailing victims by threatening to release the data unless a huge ransom is paid. Let’s take a look at the recent Salesforce incidents in detail and why this is such a big problem.

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — Free when you join my country CYBERGUY.COM/NEWSLETER

Jeep and Chrysler parent Stellantis confirm a data breach occurred

Hackers are using stolen Salesforce credentials as a weapon to access company secrets. (Reuters/Brendan McDiarmid)

Why Salesforce is the perfect target

Salesforce isn’t just something else Cloud platform. It is the backbone of how thousands of companies manage their relationships with their customers. The platform powers everything from sales pipelines and marketing campaigns to ticket support and partner communications. Banks use it to track customer accounts, airlines rely on it to manage frequent flyer programs, and retailers store customer purchase histories and loyalty data inside it. In many organizations, Salesforce is at the center of daily operations, acting as a single system that touches sensitive information across departments.

For this reason, the scale of these violations is so large. A successful attack on a Salesforce instance becomes a window into a Company clientsBusiness strategy and internal operations. For cybercriminals, the potential gains are enormous, and recent events have shown just how much damage they can cause without compromising a company’s core network.

The violations hit companies in various sectors, from Adidas and Allianz to Qantas, Google and Pandora Jewellery. Attackers often use voice phishing calls or real-life fake apps to manipulate Salesforce administrators into installing malware. This allowed them to steal OAuth tokens and query data directly from customer relationship management (CRM) systems, a technology associated with groups like ShinyHunters.

Other attacks originated from compromised third-party integrations. One of the most malicious was a chatbot tool called Drift, where stolen tokens gave attackers access to Salesforce instances at hundreds of companies.

The repercussions were enormous. Coca-Cola’s European division lost more than 23 million customer relationship management records, while Farmers Insurance and Allianz Life reported breaches affecting more than 1 million customers each. Even Google admitted that the attackers gained access to the Salesforce database used to advertise leads.

Transunion becomes the latest victim in a major wave of cyber attacks linked to Salesforce, with 4.4 million Americans affected

Big brands like Google, Dior and Allianz are among the companies caught up in the data fallout. (Kurt “CyberGuy” Knutson)

Exploiting weak links in the ecosystem

It’s harder to hack firewalls or exploit technical vulnerabilities, but it’s much easier to manipulate people. Attackers have figured this out, and are now focusing their efforts on human behavior and the less protected edges of cloud ecosystems. Employees with administrative privileges are often tricked into allowing malicious applications, while the default permission settings allow those applications to run undetected.

Once they have the data, Hackers He didn’t simply try to sell it. They used it as leverage. Earlier this month, a loosely organized cybercrime group known by names like Lapsus$, Scattered Spider, and ShinyHunters launched a dedicated data leak site on the dark web, threatening to release sensitive information unless victims paid a ransom.

As reported, the site was designed to pressure companies to pay money to prevent their stolen data from being published. One message on the site says: “Contact us to take back control of the management of your data and prevent public disclosure.” “Don’t be the next address. All communications require strict verification and will be treated with caution.”

The leak website lists several alleged victims, including FedEx, Hulu (owned by Disney), and Toyota Motors. It is also unclear whether some organizations known to have been hacked but not listed on the site paid ransoms to prevent their data from being published.

Farmers Insurance data breach exposes 1.1 million Americans

Cybercriminals are now blackmailing victims online, threatening to leak billions of stolen records. (Kurt “CyberGuy” Knutson)

Salesforce response

Salesforce told Cyberguy that it is “aware of recent extortion attempts by threat actors” and will not handle, negotiate with, or pay any extortion requests. A company spokesman made the following statement:

“We are aware of recent extortion attempts by threat actors, which we investigated in partnership with external experts and authorities. Our findings indicate that these attempts relate to prior or unconfirmed incidents, and we remain engaged with affected customers to provide support. At this time, there is no indication that the Salesforce platform has been compromised, and this activity is not related to any vulnerability Known in our technology.”

6 steps you can take to protect your data

You might think that such a breach is a problem for the company, or a problem for the IT teams Cyber ​​security experts To deal with it. However, when attackers gain access to platforms like Salesforce, the data they are looking for is usually not company-specific. It’s yours. Your contact details, purchase history, support tickets, and even private conversations can fall into the wrong hands. Once this happens, the risks no longer remain confined to one company. For this reason, it pays to take some proactive steps now, even if the company has not contacted you about an incident yet.

1) Lock your accounts now

If you have interacted with any of the companies mentioned in the breach, or suspect that your data may have been part of them, change your passwords for those services immediately. Better yet, use a password manager to create strong, unique passwords for each site. A good tool will also alert you if any of your credentials appear in future data leaks.

Next, check if your email has been exposed in previous breaches. Our #1 password manager pick has a built-in penetration scanner that checks if your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

2) Turn on two-factor authentication

Even if your password is stolen, you can use two-factor authentication (2FA) It adds a crucial extra layer of security. Enable it for your email, banking apps, cloud storage, and any service you provide. It’s one of the simplest ways to prevent attackers from taking over your accounts using stolen credentials.

3) Use a personal data removal service

Even if your data is part of a hack, you can still limit the amount of data circulating online. Personal data removal services scan and delete your personal information from data broker sites that sell or share your data without consent. These brokers often trade names, addresses, phone numbers and even purchase records, the same type of data leaked in the breaches linked to Salesforce.

By removing your records from these public databases, you make it much more difficult for scammers, identity thieves, and marketers to find or misuse your information. Many services, like Incognito, handle the entire opt-out process automatically and continue to monitor to ensure your data is removed.

While no service can guarantee complete removal of your data from the Internet, a data removal service is truly a smart choice. It’s not cheap, and neither is your privacy. These services do all the work for you by systematically monitoring and scraping your personal information from hundreds of websites. This gives me peace of mind and has proven to be the most effective way to clear your personal data from the Internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data from breaches to information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com.

Get a free check to see if your personal information is already on the web: Cyberguy.com.

4) Detect and stop targeted phishing attacks

Attackers with CRM data often know more about you than a typical scammer. They may reference previous purchases, support instances, or other personal details to make their messages appear legitimate. Treat unexpected emails, texts or phone calls with suspicion, especially if they include links or requests for payment.

The best way to protect yourself from malicious links is to install powerful antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for Windows, Mac, Android, and iOS at Cyberguy.com.

5) Use identity monitoring tools

Data breaches don’t always result in immediate damage. Sometimes, criminals remain on stolen data for months before using it. These services can constantly monitor the Dark Web for your personal information and notify you if your data appears in new leaks. This gives you time to act before problems get worse.

Identity theft companies can monitor personal information such as your Social Security number (SSN), phone number, and email address, and alert you if it is sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.

Check out my tips and top picks on how to protect yourself from identity theft at Cyberguy.com.

6) Know your rights

If you believe your data has been disclosed, companies are legally obligated in most areas to inform you. Do not hesitate to contact them directly and ask about the details of what was stolen and the steps they are taking to protect affected customers. The more pressure users exert, the more likely companies are to tighten security practices.

CLICK HERE TO GET THE FOX NEWS APP

Key takeaway for Kurt

Attackers can expose your personal data even if you are careful. They have access to company cloud environments and can see customer names, emails, purchase history, and other sensitive details. For users, this means that it is necessary to remain vigilant. Criminal groups use this stolen information to launch targeted phishing attacks, open fake accounts, or impersonate you elsewhere. Some even compared the leaked Salesforce data with information from previous breaches to create worryingly complete profiles of their victims.

Should companies face tougher penalties for stealing sensitive customer data? Let us know by writing to us at Cyberguy.com.

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — Free when you join my country CYBERGUY.COM Newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.