Announcement · severity: Critical · 2025-10-06

ShinyHunters launches 'Trinity of Chaos' Salesforce leak site, 39 victims listed

published by BleepingComputer
Actor
ShinyHunters · Unknown · eCrime

Financially-motivated cybercrime collective active since April 2020, responsible for some of the largest data-theft and extortion incidents of the post-2020 era. Operationally blends credential-stuff…

Summary

Operators self-styling as 'Scattered Lapsus$ Hunters' (an explicit cross-brand merger of ShinyHunters, Scattered Spider, and Lapsus$) launched a Salesforce-themed data-leak site naming 39 victim companies and claiming 1B+ stolen records in aggregate. Confirmed names on the site included Disney/Hulu, Toyota, Adidas, FedEx, Marriott, Google, Cisco, McDonald's, Walgreens, Instacart, HBO Max, Cartier, Air France-KLM, IKEA, TransUnion (4.4M consumer records), and others. Initial access vectors split between malicious-OAuth-app social engineering and exploitation of misconfigured public-facing Salesforce sites. The U.S. government later seized the leak-site domain; victim additions continued through Q1 2026.

Tags

salesforce · oauth-abuse · extortion · leak-site · brand-merge

Primary source

bleepingcomputer.com
