Kevin Beaumont
@GossiTheDog@cyberplace.social  ·  activity timestamp last week

The Scattered Lapsus$ Hunters portal has 25 victim orgs posted so far; they're averaging about one every 10 minutes.

I've talked to one of the victim orgs - their sample data is indeed from their Salesforce instance. Gonna be a long weekend for a bunch of orgs. Each org also has sample downloads up too.

#threatintel

Kevin Beaumont
@GossiTheDog@cyberplace.social replied  ·  activity timestamp last week

Also they've hidden 4 minutes of music on their webserver - /m_1701h87271.mp3

I don't know what it is but here's my reaction

Kevin Beaumont
@GossiTheDog@cyberplace.social replied  ·  activity timestamp last week

This is the music on the LAPSUS portal HT @Rairii

https://www.youtube.com/watch?v=ICGCjCn62SY

Kevin Beaumont
@GossiTheDog@cyberplace.social replied  ·  activity timestamp last week

For anybody following the LAPSUS$ weekend saga - they're staging data into /samples on their Tor server before posting, there's 39 orgs so far, many aren't announced yet - e.g. Cisco

The data is authentic, and there's quite a lot.

Kevin Beaumont
@GossiTheDog@cyberplace.social replied  ·  activity timestamp last week

Some of it is PII, too - e.g. TransUnion credit agency is there with live chat transcripts with customers.

Kevin Beaumont
@GossiTheDog@cyberplace.social replied  ·  activity timestamp last week

when i scoop the extortion group

Kevin Beaumont
@GossiTheDog@cyberplace.social replied  ·  activity timestamp last week

Just for any confusion, this data appears to be via Salesforce and Salesloft Drift a few months ago. Lots of the victim orgs didn't disclose a breach but, well, probably knew.

Also, I don't think the victim orgs should pay, and there probably needs to be discussion about why legislation is so steeped in data vs operational impact. A business customer CMS database isn't very important in the grand scheme of things and it sucks this group walks around with millions of dollars of bitcoin.
