Hackers Leak Allianz Life Data Stolen in Salesforce Attacks
Hackers have leaked the personal information of 2.8 million Allianz Life customers and business partners, exposing sensitive data stolen during the ongoing Salesforce data theft attacks.
Last month, Allianz Life disclosed that it suffered a data breach on July 16th, when the personal information of the majority of its 1.4 million customers was stolen from a third-party cloud-based CRM system. While the company did not name the provider, BleepingComputer first reported the incident as part of a wave of Salesforce-targeted thefts carried out by the ShinyHunters extortion group.
Over the weekend, ShinyHunters and other threat actors claiming overlap with "Scattered Spider" and "Lapsus$" created a Telegram channel called "ScatteredLapsuSp1d3rHunters" to taunt cybersecurity researchers, law enforcement, and journalists while taking credit for a string of high-profile breaches.
Many of these attacks had not previously been attributed to any threat actor, including the attacks on Internet Archive, Pearson, and Coinbase. One of the attacks claimed by the threat actors is the one on Allianz Life, for which they proceeded to leak the complete databases that were stolen from the company's Salesforce instances.
The leaked Salesforce data includes sensitive personal information, such as names, addresses, phone numbers, dates of birth, and Tax Identification Numbers, as well as professional details like licenses, firm affiliations, product approvals, and marketing classifications. BleepingComputer has been able to confirm with multiple people that their data in the leaked files is accurate, including their phone numbers, email addresses, tax IDs, and other information contained in the database.
According to ShinyHunters, they are now one and the same as "Scattered Spider", a group previously thought to be separate from them. This revelation comes after months of speculation about the true nature of these groups and their involvement in high-profile data breaches.
The Ties Between Lapsus$, Scattered Spider, and ShinyHunters
Many of the group's members share their roots in another hacking group known as Lapsus$, which was responsible for numerous attacks in 2022-2023. The group behind these breaches was eventually disrupted by law enforcement, with some of its members arrested.
Lapsus$ was adept at social engineering and SIM swap attacks, which allowed it to run over the IT defenses of billion- and trillion-dollar companies. This level of sophistication has raised concerns about the potential scale of their operations.
The Ongoing Salesforce Data Theft Attacks
It is believed that many of the group's members share their roots in Lapsus$. Over the past couple of years, however, there have been many arrests linked to all three collectives, so it is not clear whether the current threat actors are old threat actors, new ones who have picked up the mantle, or simply using these names to plant false flags.
The Consequences of the Data Breach
The leaked Salesforce data poses a significant risk to Allianz Life customers and business partners. The exposure of sensitive personal information could lead to identity theft, financial loss, and reputational damage for the affected parties.
As cybersecurity experts and law enforcement agencies scramble to respond to this breach, it is essential to take proactive steps to protect against such attacks in the future. Regular backups, secure passwords, and robust security protocols can help mitigate the impact of these types of breaches.
The Latest Developments
ShinyHunters have released a statement confirming their involvement in the Allianz Life data breach and taunting cybersecurity researchers, law enforcement, and journalists. The group has also taken credit for other high-profile breaches, including those against Qantas, LVMH, and Pandora.