Hackers claim they stole 1.5 billion Salesforce records from hundreds of companies in major hack - but are they telling the truth?

Months after the initial breach, ShinyHunters have disclosed further details about the attack, claiming to have stolen 1.5 billion records from 760 global companies. The attackers exploited GitHub secrets to access sensitive Salesforce object tables, and the breach occurred when threat actors from three groups — ShinyHunters, Lapsus$, and Scattered Spider — joined forces in March 2025 to breach Salesloft’s GitHub repository, where they found OAuth tokens for the Salesloft Drift and Drift Email platforms using TruffleHog. The FBI had previously issued warnings as hacker groups announced they were “going dark,” but ShinyHunters have now revealed the full scale of the data compromise.

CLICK HERE FOR FULL ARTICLE