New Data Extortion Site Emerges, Lists Salesforce Among 39 Potential Victims
A concerning new development in the cybersecurity landscape has emerged with the launch of a new data leak website dedicated to extorting dozens of companies. This platform, operated by an unknown cybercriminal group, currently lists 39 victims, threatening to publish their sensitive internal data unless a ransom is paid. Most notably, the list of alleged victims includes the cloud-based software giant, Salesforce.
This new operation highlights a dangerous evolution in cybercrime tactics. Instead of relying solely on encrypting a victim’s files (traditional ransomware), these attackers focus on pure data theft and the subsequent threat of public exposure. This method, often called “double-extortion,” puts immense pressure on organizations to pay, as a public data leak can lead to devastating reputational damage, regulatory fines, and loss of customer trust.
The Scope of the Attack
The newly discovered leak site acts as a public shaming board, displaying the names of targeted companies as a negotiation tactic. The list spans various industries, indicating a widespread and indiscriminate campaign. However, the inclusion of Salesforce has drawn significant attention due to the massive amount of sensitive customer and business data handled by its platform.
At this time, the claim against Salesforce remains unverified, and the company has not issued a public statement confirming a breach related to this specific threat. It is crucial to note that cybercriminals sometimes list high-profile companies to generate fear and increase their credibility, even without having successfully breached them. Regardless, the mere allegation is a serious threat that warrants immediate attention from security professionals.
The primary goal of this operation is financial. By stealing confidential files—such as financial records, customer information, intellectual property, and internal communications—the attackers create powerful leverage. They bet that the cost of a public leak far outweighs the price of their ransom demand.
A Shift in Cybercriminal Strategy
This incident underscores a broader trend where data, not system access, is the ultimate prize. While ransomware that encrypts systems is still a major threat, data exfiltration-based extortion is becoming a standalone attack vector. This approach requires less technical sophistication than deploying complex ransomware and can be just as profitable.
For businesses, this means that even with robust backup systems in place to recover from an encryption attack, they remain vulnerable. The only true defense against data extortion is preventing the initial breach and theft of data.
How to Protect Your Organization from Data Extortion
The rise of these data leak sites is a stark reminder that proactive security is non-negotiable. Organizations cannot afford to be complacent. Here are essential steps every business should take to bolster its defenses:
- Strengthen Access Controls: Implement the principle of least privilege, ensuring employees only have access to the data and systems absolutely necessary for their jobs. This minimizes the potential damage if an account is compromised.
- Implement Multi-Factor Authentication (MFA): MFA is one of the most effective controls to prevent unauthorized access to networks, applications, and cloud services. It provides a critical layer of security beyond just a password.
- Enhance Network Monitoring: Deploy advanced security solutions that can detect unusual data movements or large-scale data exfiltration. Early detection is key to stopping an attack before significant damage is done.
- Conduct Regular Employee Training: Your staff is your first line of defense. Regular training on phishing, social engineering, and secure data handling practices can significantly reduce the risk of an initial compromise.
- Develop an Incident Response Plan: Do not wait for an attack to happen. Have a clear, tested plan that outlines who to contact, how to isolate affected systems, and how to manage communications in the event of a data breach.
- Perform Regular Security Audits and Penetration Testing: Proactively identify and remediate vulnerabilities in your systems before attackers can exploit them.
As threat actors continue to refine their methods, businesses must remain vigilant. This new extortion site is a clear signal that the stakes have never been higher, and the threat of a public data leak is a powerful weapon in the hands of cybercriminals.
Source: https://www.helpnetsecurity.com/2025/10/06/data-leak-site-extortion-salesforce/
