ShinyHunters Leak Alleged Data From Qantas, Vietnam Airlines and Other Major Firms (hackread.com)
- Reference: 0179774472
- News link: https://yro.slashdot.org/story/25/10/14/0113254/shinyhunters-leak-alleged-data-from-qantas-vietnam-airlines-and-other-major-firms
- Source link: https://hackread.com/shinyhunters-leak-data-qantas-vietnam-airlines-others/
> On October 3, 2025, Hackread.com published an in-depth report in which hackers claimed to have [2]stolen 989 million records from 39 major companies worldwide by exploiting a Salesforce vulnerability. The group demanded that Salesforce and the affected firms enter negotiations before October 10, 2025, warning that if their demands were ignored, they would release the entire dataset. The hackers, identifying themselves as "Scattered Lapsus$ Hunters," a collective said to combine elements of Scattered Spider, Lapsus$, and ShinyHunters, have now published data allegedly belonging to 6 of the 39 targeted companies.
>
> The companies named in the leak are as follows: Fujifilm, GAP, INC., Vietnam Airlines, Engie Resources, Qantas Airways Limited, and Albertsons Companies, Inc. In all 6 leaks, the record contains personal details of customers, business, including email addresses, full names, addresses, passport numbers, phone numbers.
The hackers said on Telegram that they will not be releasing any additional information, stating, "A lot of people are asking what else will be leaked. Nothing else will be leaked. Everything that was leaked was leaked, we have nothing else to leak, and obviously, the things we have cannot be leaked for obvious reasons."
[1] https://slashdot.org/~schwit1
[2] https://hackread.com/shinyhunters-leak-data-qantas-vietnam-airlines-others/
Obvious Obviously. (Score:5, Insightful)
> "...Everything that was leaked was leaked, we have nothing else to leak, and obviously, the things we have cannot be leaked for obvious reasons."
Can you say that again, but dumber? So it makes even less sense? For obvious reasons, obviously.
Curious if me taking a piss is considered a “leak” from the threatscape making it as clear as mud shit.
Good on them for not paying (Score:2)
I want to know who did pay the ransom, so we can boycott *them*, for encouraging this behaviour.
Re: (Score:2)
I'd like to know how much blame each of these companies deserves. It seems that the hack was actually Salesforce customers being socially engineered to give the hackers access to their accounts. Obviously some training needed there, but was it a flaw in the Salesforce software's design? There was a bank hack many years ago where the social engineering relied on how the software would ask for certain information at certain times to get the target to give out the needed credentials, i.e. it was a flaw in the
Re: (Score:2)
> I'd like to know how much blame each of these companies deserves
For paying a ransom?
I can do that (Score:2)
Allegedly. Any data you want.
Re: (Score:3)
How much for the Epstein Files?
"exploiting a Salesforce vulnerability" (Score:3)
Weren't these breaches achieved by stealing auth tokens from the AWS environment of a non-Salesforce third party? Seems unfair to call this a "Salesforce vulnerability".
[1]How the Salesforce breaches unfolded: root causes identified [cybernews.com]
[1] https://cybernews.com/security/massive-salesforce-breach-campaign-started-on-github/?utm_source=chatgpt.com
Data Brokers (Score:2)
At this point, if I was running a data broker company, I'd be hoping that these companies don't pay because these hackers are doing their work for them, i.e. collecting data, albeit illegally. These data broker companies should just be siphoning all this leak data, going through it and aggregating it into their system so they can make their existing system better.
I wonder (Score:2)
Did they first purge records about their own members? And I don't think what else they can't leak is obvious, at least not to me.
Re: (Score:2)
My thought exactly. On the other hand, that would make it easy to see who they are. Just grab the contents of the system at the stated timestamp, compare it to the leaked data, and see who is missing. So I think they withheld a bit more than just the data about themselves.
Re: (Score:2)
Maybe the obvious reason to withhold some records is so that the hackers can continue to attempt to extort the other organizations from which they retrieved data.
They could also have just deleted enough random rows to make it very difficult to determine the individuals involved.
And anyway, who's even investigating? Do insurance detectives even exist anymore? Hasn't the Consumer Financial Protection Bureau been de-funded? This kind of hack seems like credit card fraud these days: just a cost of doing b
Re: (Score:2)
Another obvious reason could be that the other companies paid or are negotiating, though I expect the pressure could be on Salesforce or Amazon (my understanding of the underlying host), depending on the point of compromise, which I didn't research.
But why anyone would trust criminals to delete records after payment is beyond me. If the records have any actual value, they could still be sold indiscreetly, or held for future use, or used.
I'm clearly way out of my depth here and can only speculate.