ShinyHunters Leak Alleged Data From Qantas, Vietnam Airlines and Other Major Firms (hackread.com)
schwit1 shares a report from Hackread: On October 3, 2025, Hackread.com published an in-depth report in which hackers claimed to have stolen 989 million records from 39 major companies worldwide by exploiting a Salesforce vulnerability. The group demanded that Salesforce and the affected firms enter negotiations before October 10, 2025, warning that if their demands were ignored, they would release the entire dataset. The hackers, identifying themselves as "Scattered Lapsus$ Hunters," a collective said to combine elements of Scattered Spider, Lapsus$, and ShinyHunters, have now published data allegedly belonging to 6 of the 39 targeted companies.
The companies named in the leak are as follows: Fujifilm, GAP, INC., Vietnam Airlines, Engie Resources, Quantas Airways Limited, and Albertsons Companies, Inc. In all 6 leaks, the record contains personal details of customers, business, including email addresses, full names, addresses, passport numbers, phone numbers. The hackers said on Telegram that they will not be releasing any additional information, stating, "A lot of people are asking what else will be leaked. Nothing else will be leaked. Everything that was leaked was leaked, we have nothing else to leak, and obviously, the things we have cannot be leaked for obvious reasons."
I wonder (Score:2)
Re: (Score:2)
Re: (Score:2)
They could also have just deleted enough random rows to make it very difficult to determine the individuals involved.
And anyway, who's even investigating? Do insurance detectives even exist anymore? Hasn't the Consumer Financial Protection Bureau been de-funded? This kind of hack seems like credit card fraud these days: just a cost of doing b
Re: (Score:2)
But why anyone would trust criminals to delete records after payment is beyond me. If the records have any actual value, they could still be sold indiscreetly, or held for future use, or used.
I'm clearly way out of my depth here and can only speculate.
Obvious Obviously. (Score:5, Insightful)
"..Everything that was leaked was leaked, we have nothing else to leak, and obviously, the things we have cannot be leaked for obvious reasons."
Can you say that again, but dumber? So it makes even less sense? For obvious reasons, obviously.
Curious if me taking a piss is considered a “leak” from the threatscape making it as clear as mud shit.
Re: (Score:2)
My old, grumpy and cynical interpretation of this garbled sentence is: "These are the files of those 6 companies, who did not pay the ransom."
Good on them for not paying (Score:2)
I want to know who did pay the ransom, so we can boycott *them*, for encouraging this behaviour.
Re: (Score:2)
I'd like to know how much blame each of these companies deserves. It seems that the hack was actually Salesforce customers being socially engineered to give the hackers access to their accounts. Obviously some training needed there, but was it a flaw in the Salesforce software's design? There was a bank hack many years ago where the social engineering relied on how the software would ask for certain information at certain times to get the target to give out the needed credentials, i.e. it was a flaw in the
Re: (Score:2)
> I'd like to know how much blame each of these companies deserves
For paying a ransom?
I can do that (Score:2)
Allegedly. Any data you want.
Re:I can do that (Score:4, Funny)
How much for the Epstein Files?
"exploiting a Salesforce vulnerability" (Score:3)
Weren't these breaches achieved by stealing auth tokens from the AWS environment of a non-Salesforce third party? Seems unfair to call this a "Salesforce vulnerability".
How the Salesforce breaches unfolded: root causes identified [cybernews.com]
Data Brokers (Score:3)
At this point, if I was running a data broker company, I'd be hoping that these companies don't pay because these hackers are doing their work for them, i.e. collecting data, albeit illegally. These data broker companies should just be siphoning all this leak data and going through it and aggregating it into their system so they can make their existing system better.
QANTAS not 'Quantas' (Score:2)
The Australian airline's name is QANTAS - an acronym for Queensland and Northern Territory Air Service. This was founded in 1920 and went on to become the national carrier of today.