Nearly 1 Billion Salesforce Records Stolen — Are Vietnamese Businesses at Risk?

• 08/10/2025

A large-scale cyberattack carried out by the Scattered LAPSUS$ Hunters group has shaken the global tech community.
The hackers claim to have stolen nearly one billion personal records from organizations using the Salesforce CRM platform. While Salesforce has confirmed that its core infrastructure remains secure, the incident highlights significant risks for organizations worldwide — including in Vietnam — through third-party integrations and human vulnerabilities.

The Attack Targeted People, Not the Platform

According to early analyses, the attackers did not directly compromise Salesforce’s infrastructure, which is protected by strict security controls. Instead, they exploited human weaknesses through a classic form of social engineering.

Using a “vishing” technique (voice phishing), the hackers impersonated technical support staff and called IT departments to trick employees into installing a fake version of Salesforce Data Loader, a legitimate tool used to import and export large datasets.

Once the malicious software was installed, the attackers gained a “backdoor” to customer databases, allowing them to download sensitive information without bypassing Salesforce’s main authentication layers.

The group also abused third-party integrations between Salesforce and popular apps like Salesloft and Drift, stealing OAuth tokens to access data without original login credentials — a sophisticated software supply chain attack that has become increasingly difficult to detect.

A Real Threat for Vietnamese Enterprises

Salesforce has become a preferred CRM platform for many Vietnamese enterprises, banks, and large corporations as part of their digital transformation journey. Although no domestic victim has been officially confirmed, the risk remains tangible — particularly for organizations lacking strict access controls or exposing authentication tokens in integrated systems.

A successful breach could lead to:

• Leakage of highly sensitive personal data such as names, emails, phone numbers, transaction histories, and customer feedback.

• Severe reputational damage and loss of customer trust.

• Increased risk of follow-up fraud or phishing attacks, and potential legal consequences under Vietnam’s data protection regulations.

Technology Alone Is Not Enough — People Are the Key

This incident is a stark reminder that one fake phone call can bring down an entire system.
To strengthen data protection and resilience, DTG recommends that organizations:

Raise security awareness — especially among IT and high-privilege users — to recognize social engineering and vishing attempts.
Review all third-party integrations and revoke unused OAuth tokens immediately.
Enforce strict data access controls based on the “least privilege” principle.
Implement continuous monitoring and anomaly detection to identify suspicious activity early.

An Urgent Wake-Up Call for the Vietnamese Market

While the claim of “1 billion stolen records” is still being verified, several global organizations have confirmed they were affected. The hackers have reportedly published a “leak portal” on the Tor network, listing potential victims — indicating motives that go beyond data theft to include extortion and public pressure.

For Vietnamese enterprises accelerating their digital transformation and depending heavily on cloud-based platforms like Salesforce, this is not just a warning —

It’s an urgent reminder to strengthen processes, people, and technology to eliminate every possible security gap.