
Allianz Life

Hackers have released stolen data belonging to US insurance giant Allianz Life, exposing 2.8 million records with sensitive information on business partners and customers in ongoing Salesforce data theft attacks.

Last month, Allianz Life disclosed that it suffered a data breach when the personal information for the “majority” of its 1.4 million customers was stolen from a third-party, cloud-based CRM system on July 16th.

While the company did not name the provider, BleepingComputer first reported the incident was part of a wave of Salesforce-targeted thefts carried out by the ShinyHunters extortion group.

Over the weekend, ShinyHunters and other threat actors claiming overlap with “Scattered Spider” and “Lapsus$” created a Telegram channel called “ScatteredLapsuSp1d3rHunters” to taunt cybersecurity researchers, law enforcement, and journalists while taking credit for a string of high-profile breaches.

Many of these attacks had not previously been attributed to any threat actor, including the attacks on Internet Archive, Pearson, and Coinbase.

One of the attacks claimed by the threat actors is Allianz Life, for which they proceeded to leak the complete databases that were stolen from the company’s Salesforce instances.

These files consist of the Salesforce “Accounts” and “Contacts” database tables, containing approximately 2.8 million data records for individual customers and business partners, such as wealth management companies, brokers, and financial advisors.

The leaked Salesforce data includes sensitive personal information, such as names, addresses, phone numbers, dates of birth, and Tax Identification Numbers, as well as professional details like licenses, firm affiliations, product approvals, and marketing classifications.

BleepingComputer has been able to confirm with multiple people that their data in the leaked files is accurate, including their phone numbers, email addresses, tax IDs, and other information contained in the database.

BleepingComputer contacted Allianz Life about the leaked database but was told that they could not comment as the investigation is ongoing.

The Salesforce data-theft attacks

The Salesforce data theft attacks are believed to have started at the beginning of the year, with the threat actors conducting social engineering attacks to trick employees into linking a malicious OAuth app with their company’s Salesforce instances.

Once linked, the threat actors used the connection to download and steal the databases, which were then used to extort the company by email.
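The pattern described above (an employee links an unvetted OAuth app, and that app then pulls whole tables) can be hunted for by correlating app grants with read volume. The following is an added example, not code from the original article or from Salesforce; the event schema, field names, app names, allowlist and thresholds are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumed allowlist of vetted connected apps (hypothetical name).
APPROVED_APPS = {"Corp Data Loader"}

# Constructed sample events in a hypothetical normalized schema
# (not a real Salesforce log format).
EVENTS = [
    {"ts": "2025-01-10T09:00:00", "type": "oauth_grant", "user": "alice", "app": "Corp Data Loader"},
    {"ts": "2025-01-10T09:05:00", "type": "read", "user": "alice", "app": "Corp Data Loader", "object": "Contacts", "rows": 1200},
    {"ts": "2025-01-12T14:02:00", "type": "oauth_grant", "user": "bob", "app": "My Ticket Portal"},
    {"ts": "2025-01-12T14:09:00", "type": "read", "user": "bob", "app": "My Ticket Portal", "object": "Accounts", "rows": 400000},
    {"ts": "2025-01-12T14:20:00", "type": "read", "user": "bob", "app": "My Ticket Portal", "object": "Contacts", "rows": 900000},
    {"ts": "2025-01-15T08:00:00", "type": "oauth_grant", "user": "carol", "app": "Calendar Sync"},
    {"ts": "2025-01-15T08:30:00", "type": "read", "user": "carol", "app": "Calendar Sync", "object": "Contacts", "rows": 50},
]


def find_suspicious_grants(events, approved, window=timedelta(hours=24), row_threshold=100_000):
    """Flag grants to unapproved apps and total what each app read afterwards."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort as text
    alerts = []
    for grant in (e for e in events if e["type"] == "oauth_grant"):
        if grant["app"] in approved:
            continue  # vetted app: grant is expected
        start = datetime.fromisoformat(grant["ts"])
        # Reads made through the same app, by the same user, inside the window.
        reads = [
            e for e in events
            if e["type"] == "read"
            and e["app"] == grant["app"]
            and e["user"] == grant["user"]
            and start <= datetime.fromisoformat(e["ts"]) <= start + window
        ]
        total = sum(e["rows"] for e in reads)
        alerts.append({
            "user": grant["user"],
            "app": grant["app"],
            "granted_at": grant["ts"],
            "rows_read": total,
            "objects": sorted({e["object"] for e in reads}),
            # Bulk reads right after an unapproved grant are the urgent case.
            "severity": "high" if total >= row_threshold else "review",
        })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_grants(EVENTS, APPROVED_APPS):
        print(alert)
```

Every grant to an unapproved app is surfaced for review, and the severity rises only when the app goes on to read in bulk, so a low-volume but unvetted integration is still visible.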

Extortion demands were sent to the companies via email and were signed as coming from ShinyHunters. This notorious extortion group has been linked to many high-profile attacks over the years, including those against AT&T, PowerSchool, and the Snowflake attacks.

While ShinyHunters is known to target cloud SaaS applications and website databases, they are not known for these types of social engineering attacks, causing many researchers and the media to attribute some of the Salesforce attacks to Scattered Spider.

However, ShinyHunters told BleepingComputer the “ShinyHunters” group and “Scattered Spider” are now one and the same.

“Like we’ve mentioned repeatedly already, ShinyHunters and Scattered Spider are one and the same,” ShinyHunters told BleepingComputer.

“They supply us with initial access and we conduct the dump and exfiltration of the Salesforce CRM instances. Just like we did with Snowflake.”

It is also believed that many of the group’s members share their roots in another hacking group known as Lapsus$, which was responsible for numerous attacks in 2022-2023, before some of their members were arrested.

Lapsus$ was behind breaches at Rockstar Games, Uber, 2K, Okta, T-Mobile, Microsoft, Ubisoft, and NVIDIA.

Like Scattered Spider, Lapsus$ was also adept at social engineering attacks and SIM swap attacks, allowing them to overcome the IT defenses of billion- and trillion-dollar companies.

Over the past couple of years, there have been many arrests linked to all three collectives, so it is not clear if the current threat actors are old threat actors, new ones who have picked up the mantle, or are simply using these names to plant false flags.
