Hackers claim theft of 1 billion records from Salesforce databases. Major firms like Google, Qantas, and TransUnion confirm breaches. FBI says attackers used vishing, not Salesforce vulnerabilities. A ...

You might have recently noticed a wave of cyberattacks hitting companies whose services millions of Americans rely on every day. Among the victims are Google, Farmers Insurance, Allianz Life, Workday, ...

You might have noticed that in the past few months, many companies have disclosed data breaches, including Google, Dior and Allianz, and one name that appeared in most cases was Salesforce. Hackers ...

The FBI seized a BreachForums domain used by the ShinyHunters group as a data leak extortion site for the widespread Salesforce attacks, with the threat actor stating that law enforcement also stole ...

In a near replica of a separate campaign this summer, hackers connected to the ShinyHunters extortion operation have once again breached many organizations' Salesforce instances via a third-party ...

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many ...

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August. Salesloft is a widely ...

A threat actor managed to obtain Salesforce OAuth tokens from a third-party integration called Salesloft Drift and used the tokens to download large volumes of data from impacted Salesforce instances.

Salesforce failed to address the massive wave of OAuth breaches at its Dreamforce conference, but securing third-party authentication is paramount for the agentic future it seeks. Salesforce’s 2025 ...