Salesforce defends security practices after Qantas hack


Cloud software giant Salesforce has defended its security practices days after hackers published data from about 5.7 million Qantas customers to the dark web.

At the company’s Dreamforce conference in San Francisco – the world’s largest AI summit – Salesforce executives stressed that security is the company’s top priority, in their first public comments since the leak.

The security keynote came just days after hackers published the data of about 5.7 million Qantas customers, stolen in a breach the airline disclosed in July.

The Qantas breach, which occurred on June 30, exposed customer names, addresses, phone numbers, email addresses and frequent flyer information.


The incident was part of a broader series of attacks that affected multiple Salesforce customers, with hackers claiming to have stolen nearly one billion records from about 40 companies, including Disney, Toyota and Ikea. Consumers are being advised to brace for a deluge of scams tied to the data dump.

A company spokesperson said that Salesforce’s systems remained secure, stating the platform has not been compromised, and the activity is not related to any known vulnerability in Salesforce technology.

“My team and I work towards ensuring that our products are built safe, securely and resiliently and most importantly, are worthy of the trust that you all put in us,” Prashant Vadlamudi, Salesforce’s head of product security told attendees.

“Salesforce powers mission-critical operations across the globe, for multiple organisations and governments, and we know that a simple security incident could have a global impact. Our mission is very simple – block this impact before it happens. And how do we do so? We do that by embedding security into everything we do.”

Attendees outside the Moscone Centre before the 2025 Dreamforce conference in San Francisco this week.


The attacks targeted customer organisations rather than Salesforce infrastructure. According to security researchers at Google’s Threat Intelligence Group, more than 700 organisations may have been affected by similar attacks this past winter.

The hackers used social engineering tactics known as “vishing” or voice phishing. Criminals used AI to impersonate IT support personnel and convinced employees at a Manila-based Qantas call centre and other companies to install modified software that appeared to be Salesforce’s legitimate Data Loader tool. This provided access to customer databases stored within those organisations’ Salesforce accounts.
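The pattern described above, a user authorising a look-alike "Data Loader" app and that app then pulling large volumes of records, is something a security operations team can look for in platform audit logs. The script below is an added illustration, not code from the article, Salesforce or Qantas: it runs over a constructed event list in a made-up log format (not Salesforce's real event schema), and flags any app that was authorised by a user and then bulk-exported more than a threshold of records within an hour, unless the app is on a hypothetical allow-list of vetted tools.

```python
"""Added example (not from the article): flag a newly authorised third-party
app that starts bulk-exporting records shortly after authorisation.
The event format below is constructed for illustration only and is not
Salesforce's real audit schema."""
from datetime import datetime, timedelta

# Constructed audit events: (timestamp, user, event, app_name, record_count)
SAMPLE_EVENTS = [
    ("2025-06-30T09:00:00", "agent01", "APP_AUTHORIZED", "Data Loader", 0),
    ("2025-06-30T09:12:00", "agent01", "BULK_EXPORT", "Data Loader", 250000),
    ("2025-06-30T09:20:00", "agent01", "BULK_EXPORT", "Data Loader", 300000),
    ("2025-06-30T10:00:00", "analyst7", "BULK_EXPORT", "Approved ETL", 500000),
    ("2025-06-30T11:00:00", "agent02", "APP_AUTHORIZED", "Calendar Sync", 0),
    ("2025-06-30T11:05:00", "agent02", "BULK_EXPORT", "Calendar Sync", 500),
]

# Hypothetical allow-list: apps the organisation has vetted and approved.
APPROVED_APPS = {"Approved ETL"}


def parse_ts(ts):
    """Parse the ISO-8601 timestamp used in the constructed events."""
    return datetime.fromisoformat(ts)


def find_suspicious_exports(events, window=timedelta(hours=1), min_records=10000):
    """Return a list of (user, app, total_records) for apps that a user
    authorised and that then exported at least `min_records` within
    `window` of the authorisation. Allow-listed apps are ignored."""
    events = sorted(events, key=lambda e: e[0])
    authorised = {}   # (user, app) -> time of authorisation
    totals = {}       # (user, app) -> records exported inside the window
    for ts, user, event, app, count in events:
        t = parse_ts(ts)
        key = (user, app)
        if event == "APP_AUTHORIZED" and app not in APPROVED_APPS:
            authorised[key] = t
        elif event == "BULK_EXPORT" and key in authorised:
            if t - authorised[key] <= window:
                totals[key] = totals.get(key, 0) + count
    return [(u, a, n) for (u, a), n in totals.items() if n >= min_records]


if __name__ == "__main__":
    for user, app, total in find_suspicious_exports(SAMPLE_EVENTS):
        print(f"ALERT: {user} authorised '{app}' and exported {total} records within 1h")
```

On the constructed sample this flags only the "Data Loader" authorisation by agent01 (550,000 records exported within twenty minutes of authorisation); the small "Calendar Sync" export stays under the threshold and the vetted ETL job is never considered. In practice the thresholds and the allow-list are tuned to the organisation's normal export volumes, and the allow-list is keyed on the app's registered identity rather than its display name, since a look-alike app can copy the name.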


Salesforce provides customer relationship management software used by thousands of companies to store customer data, making it an attractive target for cybercriminals seeking large-scale data theft.

At Dreamforce, Salesforce said it took a “shared responsibility” model to security, arguing customers must properly configure security settings the platform provides.

“We are a global team that works 24 hours a day, seven days a week, monitoring, detecting and responding to all security events,” said Kelly McCracken, who leads the company’s Cyber Security Operations Centre.

“Our customers are able to customise their [settings] to meet their business needs, and they must configure them to ensure that they keep their data secure.”

She said that in the event of a data breach involving a customer, Salesforce partners directly in the investigation and remediation, feeding incident data back to its threat-intel team to shore up platform-wide defences.

The hacking group responsible, identified as Scattered Lapsus$ Hunters, had set an October 10 deadline for companies to begin ransom negotiations. When companies declined to pay, the group began releasing stolen data. A Salesforce spokesman said the company would not engage, negotiate with, or pay any extortion demand.

The Qantas breach, which occurred on June 30, exposed customer names, addresses, phone numbers, email addresses and frequent flyer information, though no credit card details or passport numbers were compromised. Qantas has obtained an injunction from the NSW Supreme Court limiting public disclosure of affected customer details.

Qantas is urging affected customers to remain vigilant about scams and has established a 24/7 support line. The airline advises customers to independently verify any communications claiming to be from Qantas and to use two-factor authentication on their accounts. Security experts warn that criminals may cross-reference the Qantas data with other breached databases to create more targeted scam campaigns.

The attacks are considered separate from another incident in August involving Salesforce integration software, which security researchers say may have affected hundreds of additional companies. Both incidents remain under investigation by law enforcement and cybersecurity firms.

David Swan travelled to San Francisco as a guest of Salesforce.

