The ShinyHunters group thought to be behind the recent wave of Salesforce social engineering hacks may have stolen the private information of millions of Balenciaga, Gucci, and Alexander McQueen customers, reports say.
Names, email addresses, phone numbers, addresses, and the total amount spent in the luxury stores worldwide were stolen in the incident – but no financial information, according to the BBC, which said that a small sample of the stolen data was shared with them via Telegram as proof.
ShinyHunters reportedly told BBC News that they breached the luxury brands in April through parent company Kering.
Separately, the hacking collective claims to have stolen more than 1.5B Salesforce records from 760 companies through the use of compromised Salesloft Drift OAuth tokens.
Customer Data Compromised
Kering has reportedly disclosed the incident to data protection authorities. Salesforce Ben has contacted the company for comment.
BBC News says that ShinyHunters claims to have data linked to 7.4M unique email addresses.
The total amount of money a person has spent with each brand is included in the compromised data, it is understood.
Earlier this month, we reported how Salesforce had re-enabled integrations with Salesloft technologies, apart from Drift, after the application was targeted in a hacking campaign.
On August 28, Salesforce had announced that it had disabled the connection to Salesloft’s Drift app in response to a “recent security incident” – referring to the data theft attack which saw hackers target Salesforce instances through compromised OAuth tokens associated with Salesloft Drift.
In an update later that day, Salesforce said it had disabled all integrations with Salesloft technologies. This meant organizations would not be able to connect to Salesforce via any Salesloft apps “until further notice”.
Then, in an update posted on September 7, Salesforce said that they had re-enabled integrations with Salesloft technologies, “with the exception of any Drift app”. Salesloft said in a post that same day that an investigation carried out by cyber defense specialists Mandiant suggests that “the incident has been contained”.
BleepingComputer reported that ShinyHunters told them that hackers stole roughly 1.5B data records from Salesforce object tables, including:
- 250M ‘Account’
- 579M ‘Contact’
- 459M ‘Case’
- 171M ‘Opportunity’
- 60M ‘User’
The Case tables may include sensitive information like text from support tickets, it is understood.
Salesforce Ben has contacted Salesloft for comment.
Final Thoughts
Salesforce has consistently stressed that vulnerabilities do not come from its own platform, but news of hacking campaigns in and around the ecosystem is far from ideal for the cloud giant.