

Ethical Hacking News

Hackers' Salesforce Heist: Unpacking the Allianz Life Data Breach




US insurance giant Allianz Life has suffered a devastating data breach, exposing over 2.8 million records of its customers' sensitive information on the Salesforce CRM platform. The attackers, linked to the ShinyHunters extortion group, have claimed responsibility for the breach via a Telegram channel. This incident highlights the growing threat landscape and the need for organizations to prioritize data protection and incident response strategies.

  • Over 2.8 million Allianz Life customer records were exposed in a devastating data breach.
  • The breach occurred when hackers gained access to a third-party cloud-based CRM system running on Salesforce.
  • ShinyHunters, a notorious extortion group, claimed responsibility for the breach via a Telegram channel.
  • The leaked data includes sensitive personal information such as names, addresses, phone numbers, and tax IDs.
  • Researchers suspect that ShinyHunters may not be the sole perpetrators behind the breach, citing similarities with Scattered Spider's tactics.
  • The breach highlights concerns about the global threat landscape, where new groups and variants of existing ones emerge at an alarming rate.



    A devastating data breach has struck US insurance giant Allianz Life, leaving over 2.8 million records exposed to hackers. The incident is linked to a string of ongoing Salesforce data theft attacks carried out by the notorious ShinyHunters extortion group.

    According to reports, the breach occurred on July 16th, when hackers stole the personal information of "the majority" of Allianz Life's 1.4 million customers from a third-party cloud-based CRM system. The attackers targeted the Salesforce CRM instance, which contains highly sensitive and confidential data.

    ShinyHunters, in collaboration with other threat actors claiming overlap with "Scattered Spider" and "Lapsus$", has claimed responsibility for the breach via a Telegram channel. These hackers have been linked to numerous high-profile attacks, including those against AT&T, PowerSchool, Snowflake, Rockstar Games, Uber, 2K, Okta, T-Mobile, Microsoft, Ubisoft, and NVIDIA.

    The leaked Salesforce data includes sensitive personal information such as names, addresses, phone numbers, dates of birth, Tax Identification Numbers, professional details like licenses, firm affiliations, product approvals, and marketing classifications. BleepingComputer has confirmed that the leaked files contain accurate data for multiple individuals, including their phone numbers, email addresses, tax IDs, and other sensitive information.

    The attack is believed to have started at the beginning of the year with social engineering tactics used to trick employees into linking a malicious OAuth app to their company's Salesforce instances. Once linked, the threat actors downloaded and stole the databases, which were then used to extort the companies through email.
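The pattern described above, an unfamiliar OAuth app being linked to a CRM instance and then pulling large volumes of records, can be checked for in authorization and API usage logs. The following is an added example, not part of the original article; the event fields, app names, and threshold are assumptions made for illustration and are not a real Salesforce log schema.

```python
# Added example: flag OAuth apps that are not on an allowlist, and escalate
# when such an app has also read a large number of records.
# Event fields, app names and the threshold are assumptions for this sketch;
# they are not a real Salesforce log schema.

APPROVED_APPS = {"Corp Data Loader", "Marketing Sync"}
BULK_ROW_THRESHOLD = 50_000

# Constructed sample events (ISO timestamps sort correctly as strings).
EVENTS = [
    {"ts": "2025-01-10T09:02:00", "type": "oauth_grant", "user": "alice", "app": "Corp Data Loader"},
    {"ts": "2025-01-10T09:10:00", "type": "api_query", "user": "alice", "app": "Corp Data Loader", "rows": 120_000},
    {"ts": "2025-01-10T14:05:00", "type": "oauth_grant", "user": "bob", "app": "Acme Report Helper"},
    {"ts": "2025-01-10T14:20:00", "type": "api_query", "user": "bob", "app": "Acme Report Helper", "rows": 30_000},
    {"ts": "2025-01-10T14:40:00", "type": "api_query", "user": "bob", "app": "Acme Report Helper", "rows": 45_000},
    {"ts": "2025-01-11T08:30:00", "type": "oauth_grant", "user": "carol", "app": "Calendar Helper"},
    {"ts": "2025-01-11T08:31:00", "type": "api_query", "user": "carol", "app": "Calendar Helper", "rows": 200},
]


def review_oauth_activity(events, approved=APPROVED_APPS, threshold=BULK_ROW_THRESHOLD):
    """Return one finding per (user, unapproved app), sorted by user."""
    rows_read = {}  # (user, app) -> total rows read by that app for that user
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["app"] in approved:
            continue  # allowlisted integrations are out of scope here
        key = (ev["user"], ev["app"])
        if ev["type"] == "oauth_grant":
            rows_read.setdefault(key, 0)
        elif ev["type"] == "api_query":
            # Count queries even if the grant event itself was never logged.
            rows_read[key] = rows_read.get(key, 0) + ev["rows"]
    findings = []
    for (user, app), rows in sorted(rows_read.items()):
        severity = "high" if rows >= threshold else "review"
        findings.append({"user": user, "app": app, "rows": rows, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in review_oauth_activity(EVENTS):
        print(finding)
```

Every grant to an app outside the allowlist produces at least a "review" finding, so the authorization is examined even when little data has been read yet.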

    While ShinyHunters has taken credit for the breach, the group's involvement in other attacks raises questions about the true extent of the incident. Some researchers have attributed some of the Salesforce attacks to Scattered Spider due to the similarities in tactics and tools used by both groups. However, ShinyHunters has denied this, stating that "ShinyHunters and Scattered Spider are one and the same."

    It appears that many of the group's members share roots with another notorious hacking collective known as Lapsus$. This group was responsible for numerous attacks in 2022-2023 before some members were arrested. The overlap between ShinyHunters and Lapsus$ raises concerns about the global threat landscape, where new groups and variants of existing ones seem to emerge and evolve at an alarming rate.

    The breach has left Allianz Life with significant damage control to undertake, including notifying affected customers and conducting a thorough investigation into the incident. As the company continues to grapple with the fallout from this breach, it is essential that it prioritize data protection and incident response strategies to mitigate future risks.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Hackers-Salesforce-Heist-Unpacking-the-Allianz-Life-Data-Breach-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/hackers-leak-allianz-life-data-stolen-in-salesforce-attacks/

  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a

  • https://www.cisa.gov/sites/default/files/2023-11/aa23-320a_scattered_spider_0.pdf


  • Published: Tue Aug 12 18:03:41 2025 by llama3.2 3B Q4_K_M












