ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH

A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. These breaches have also caused confusion among the cybersecurity community and the media, including BleepingComputer, with the attacks attributed to Scattered Spider (tracked by Mandiant as UNC3944), as those threat actors were also targeting the aviation, retail, and insurance sectors around the same time and demonstrated similar tactics. The attacks have not led to public extortion or data leaks yet, with BleepingComputer learning that the threat actors are attempting to privately extort companies over email, where they name themselves as ShinyHunters. While Salesforce builds enterprise-grade security into everything we do, customers also play a critical role in keeping their data safe — especially amid a rise in sophisticated phishing and social engineering attacks," Salesforce told BleepingComputer. In June, Google's Threat Intelligence Group (GTIG) warned that threat actors tracked as UNC6040 were targeting Salesforce customers in social engineering attacks. "According to Recorded Future intelligence, the overlapping TTPs between known Scattered Spider and ShinyHunters attacks indicate likely some crossover between the two groups," Allan Liska, an Intelligence Analyst for Recorded Future, told BleepingComputer. To muddy the waters further, there have been numerous arrests of people linked to the name "ShinyHunters," including those who have been arrested for the Snowflake data-theft attacks, breaches at PowerSchool, and the operation of the Breached v2 hacking forum. Other researchers have told BleepingComputer that ShinyHunters and Scattered Spider appear to be operating in lockstep, targeting the same industries at the same time, making it harder to attribute attacks. In these attacks, the threat actors impersonated IT support staff in phone calls to targeted employees, attempting to persuade them into visiting Salesforce's connected app setup page. While BleepingComputer has learned that the Qantas data breach also involved a third-party customer relationship management platform, the company will not confirm it is Salesforce. It is believed that when these extortion attempts fail, the threat actors will release stolen information in a long wave of leaks, similar to ShinyHunter's previous Snowflake attacks. "On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based CRM system used by Allianz Life Insurance Company of North America (Allianz Life)," an Allianz Life spokesperson told BleepingComputer. However, threat actors associated with Scattered Spider tend to perform full-blown network breaches, culminating with data theft and, sometimes, ransomware. ShinyHunters, tracked as UNC6040, on the other hand, tends to focus more on data-theft extortion attacks targeting a particular cloud platform or web application. Another theory is that ShinyHunters is acting as an extortion-as-a-service, where they extort companies on behalf of other threat actors in exchange for a revenue share, similar to how ransomware-as-a-service gangs operate.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 30 Jul 2025 19:55:20 +0000


Cyber News related to ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH

ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH - A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. These breaches have ...
3 weeks ago Bleepingcomputer.com Hunters Scattered Spider
Allianz Life confirms data breach impacts majority of 1.4 million customers - ShinyHunters is a group of threat actors who are linked to multiple high-profile data breaches and attacks, including those against PowerSchool and the SnowFlake attacks, which ...
4 weeks ago Bleepingcomputer.com Hunters
Qantas says 5.7 million affected by breach, leaked info not enough to access frequent flyer accounts | The Record from Recorded Future News - In an updated advisory on Wednesday afternoon, the company said the data of 5.7 million people was exposed last week when hackers breached a Qantas contact center. Qantas Group CEO Vanessa Hudson said the company is in contact with Australia’s ...
1 month ago Therecord.media Scattered Spider
Allianz Life Insurance Data Breach - 1.4 Million Customers Data at Risk - Major U.S. insurance provider Allianz Life Insurance Company confirmed on Saturday that hackers compromised the personal information of the “majority” of its 1.4 million customers following a sophisticated cyberattack on July 16, 2025. ...
4 weeks ago Cybersecuritynews.com Scattered Spider
Qantas is being extorted in recent data-theft cyberattack - The Qantas breach is part of attacks targeting the aviation sector by threat actors linked to Scattered Spider. These threat actors are skilled at social engineering attacks used to gain initial access to corporate networks, commonly by tricking help ...
1 month ago Bleepingcomputer.com Scattered Spider
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
10 months ago Aws.amazon.com
Qantas confirms data breach impacts 5.7 million customers - Australian airline Qantas has confirmed that 5.7 million people have been impacted by a recent data breach, in which threat actors stole customers' data. While the company did not share any further details, BleepingComputer learned that the ...
1 month ago Bleepingcomputer.com Scattered Spider
Louis Vuitton says regional data breaches tied to same cyberattack - Luxury fashion giant Louis Vuitton confirmed that breaches impacting customers in the UK, South Korea, and Turkey stem from the same security incident, which is believed to be linked to the ShinyHunters extortion group. "Despite all security measures ...
1 month ago Bleepingcomputer.com Hunters
Salesforce Lays-Off 700 Staff - American CRM giant Salesforce is reportedly reducing its workforce again, on top of a sizeable reduction back in 2023. The Wall Street Journal reported that Salesforce is laying off 700 workers, or 1 percent of its workforce, in the latest round of ...
1 year ago Silicon.co.uk
31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
1 year ago Pandasecurity.com
Inside the strategy of Salesforce's new Chief Trust Officer - In this Help Net Security interview, Arkin discusses a collaborative approach to building trust among customers, employees, and stakeholders, focusing on transparency, shared responsibility, and empowering others to integrate trusted and responsible ...
1 year ago Helpnetsecurity.com
Alleged ShinyHunters Hacker Pleads Not Guilty After US Extradition - The ShinyHunters group is known for some of the largest data breaches in 2021-2022, in which the personal data of hundreds of millions of users was leaked on the now-seized Raidforums. In July 2022, HackRead.com reported on Sebastian Raoult, an ...
2 years ago Hackread.com Hunters
Security hacker ShinyHunters Pleads Not Guilty of Stealing Data from Just Eat, PicsArt, ChatBooks and HomeChef - A security hacker, ShinyHunters, has recently pled not guilty for stealing data from Just Eat, PicsArt, ChatBooks and HomeChef. ShinyHunters is accused of cyberattacks and illegal activities, including obtaining unauthorised access to sensitive data, ...
2 years ago Blog.cloudflare.com Hunters
'Significant' amount of customer data accessed during cyberattack on Qantas airline | The Record from Recorded Future News - Sam Rubin, senior vice president of threat intelligence at Palo Alto Networks' Unit 42, told Recorded Future News that Scattered Spider recently migrated toward pure social engineering-based tactics, using their English-speaking skills to fool ...
1 month ago Therecord.media Scattered Spider Dragonforce
ShinyHunters serial cybercrim gets three years in slammer The Register - A key member of the ShinyHunters cybercrime group is facing three years in the slammer and being forced to return $5 million in criminal proceeds. Sebastien Raoult, 22, was in charge of developing websites for ShinyHunters that mimicked the real ...
1 year ago Go.theregister.com Hunters
ShinyHunters Suspect Extradited to United States - The notorious hacking group, ShinyHunters, has been suspected of being extradited to the United States to face criminal charges. The news comes after a string of high-profile breaches attributed to the hacker collective. ShinyHunters are believed to ...
2 years ago Tripwire.com Hunters
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
ShinyHunters member gets 3 years in prison for breaching 60 firms - The U.S. District Court in Seattle sentenced ShinyHunters member Sebastien Raoult to three years in prison and ordered a restitution of $5,000,000. Previously, in September 2023, Raoult pleaded guilty to conspiracy to commit wire fraud and aggravated ...
1 year ago Bleepingcomputer.com Hunters
Clear Spring Life and Annuity Company Announces Data Breach Following Ransomware Attack - On November 21, 2023, Clear Spring Life and Annuity Company filed a notice of data breach with the Attorney General of California after discovering a February 2023 ransomware attack. In this notice, Clear Spring explains that the incident resulted in ...
1 year ago Jdsupra.com
Dior begins sending data breach notifications to U.S. customers - The House of Dior (Dior) is sending data breach notifications to U.S. customers informing them that a May cybersecurity incident compromised their personal information. "Our investigation determined that an unauthorized party was able to gain ...
1 month ago Bleepingcomputer.com Hunters
The Latest Identity Theft Methods: Essential Protection Strategies Revealed - Identity theft has evolved far beyond the days of stolen mail and dumpster diving. Today's identity thieves employ sophisticated techniques, including account takeovers and government benefit fraud, making it essential for you to stay vigilant to ...
1 year ago Hackread.com
ShinyHunters Hacker Pleads Not Guilty to Data Theft Charges - A hacker associated with the ShinyHunters group, identified as Paul Gubarev, has pleaded not guilty to data theft charges as pleaded in a recent court hearing. The hacker is accused of stealing over 500 million sensitive information belonging to ...
2 years ago Blog.cloudflare.com Hunters
Qantas Airlines Hit by Cyberattack, Customer Data Compromised - Australia’s flagship carrier, Qantas Airways, has disclosed a significant cybersecurity breach affecting up to 6 million customers, with cybercriminals gaining unauthorized access to a third-party customer service platform used by the ...
1 month ago Cybersecuritynews.com
Unmasking Identity Theft: Detection and Mitigation Strategies - In an increasingly digital world, the threat of identity theft looms large, making it imperative for individuals to be proactive in detecting potential breaches and implementing effective mitigation measures. This article delves into key strategies ...
1 year ago Cybersecurity-insiders.com
Qantas discloses cyberattack amid Scattered Spider aviation breaches - Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a group of threat actors known for their conducting social engineering and identity-based attacks against organizations ...
1 month ago Bleepingcomputer.com Scattered Spider

Cyber Trends (last 7 days)