The FBI has issued a warning about two cybercriminal groups, UNC6040 and UNC6395, that are exploiting Salesforce environments to steal data and extort organizations. These groups have employed various tactics, including social engineering and the use of compromised OAuth tokens, impacting many well-known companies and revealing sensitive information in their attacks. The FBI has released indicators of compromise to help organizations bolster their defenses against these threats.

Scattered Lapsus$ Hunters has initiated a crowdsourced extortion scheme, offering $10 in Bitcoin to individuals who will pressure executives of organizations they claim to have breached into paying ransoms. The group has already reportedly paid out $1,000 and lists 39 alleged victims on its data leak site, threatening further action if demands are not met by a specified deadline. Despite claims of a breach, Salesforce has stated that there is no indication of compromise on its platform.

Google has confirmed that a data breach involving Salesforce's CRM system has occurred, putting customer data at risk. The breach has led to extortion threats against Salesforce, raising concerns about the security of cloud-based services.

Salesforce has refused to pay a ransom demanded by a crime syndicate claiming to have stolen nearly 1 billion records from its customers. The group, known as Scattered LAPSUS$ Hunters, has threatened to leak the data unless Salesforce negotiates a ransom, citing numerous high-profile clients among the victims. Despite the situation's severity, Salesforce has stated it will not comply with the extortion demand.