292/68 Thursday, August 14, 2025
The hacker group ShinyHunters has leaked data stolen from U.S. insurance company Allianz Life, exposing personal and business information of over 2.8 million records. This incident is part of a broader campaign targeting Salesforce CRM systems. Allianz Life previously confirmed on July 16 that customer data—affecting approximately 1.4 million individuals—had been stolen from a third-party cloud-based CRM platform, which sources have linked to Salesforce and the ShinyHunters group.
The leaked data includes Salesforce “Accounts” and “Contacts” tables containing names, addresses, phone numbers, dates of birth, taxpayer identification numbers, and professional data such as licenses, product approvals, and marketing segmentation details. Multiple sources have verified the authenticity of the leaked data, while Allianz Life declined to comment, citing an ongoing investigation.
The attack reportedly began with a social engineering scheme that tricked employees into authorizing a malicious OAuth application connected to the company’s Salesforce instance. This allowed attackers to exfiltrate entire datasets, which were then used for ransom demands. ShinyHunters claimed collaboration with Scattered Spider and alleged links to former Lapsus$ members, the same threat actors behind high-profile breaches at Rockstar Games, Uber, T-Mobile, and Microsoft. This incident highlights the growing cybersecurity risks of SaaS platforms and the importance of defending against social engineering-based intrusions.
