A cybercriminal alliance known as Scattered Lapsus$ Hunters - comprised of the notorious Scattered Spider, Lapsus$, and ShinyHunters groups - is now claiming to have stolen 1 billion customer records from 39 major companies, including household names like Google, Disney, Ikea, and McDonald’s. The group has issued a ransom deadline of October 10th and is threatening to release the stolen data if payment is not made. Much of the stolen information was allegedly accessed through systems hosted by Salesforce, which the hackers accuse of "criminal negligence." However, Salesforce denies any breach of its platform, instead attributing the incidents to sophisticated social engineering attacks targeting its customers.

These attacks involved the hackers impersonating IT support staff in convincing phone-based scams, successfully tricking employees into providing login credentials and system access. Google detailed in a blog post how this method allowed attackers to gain entry into corporate networks and exfiltrate sensitive Salesforce data. Victims span multiple industries, and the damage caused by this group is estimated to be in the hundreds of millions of dollars.

This incident underscores the critical importance of comprehensive visibility across all layers of an organization’s digital environment. Defending against threats of this magnitude requires more than endpoint protection or user training - it demands a layered approach that includes deep packet inspection (DPI), intrusion detection systems (IDS), and centralized log collection in a unified platform like NIKSUN. These tools help security teams detect anomalies, trace attack paths, and respond rapidly to intrusions, especially when attackers bypass technical defenses through social engineering. Full-stack visibility across networks, infrastructure, endpoints, and applications is essential to identifying threats in real time and minimizing the damage of increasingly sophisticated cyberattacks. Read more about this story on our LinkedIn page