FBI Warns of Threat Actors Hitting Salesforce Customers

FBI warns of threat groups targeting Salesforce users via social engineering. Protect your data with multi-factor authentication and vigilance.

By Content Team

Sep 16, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

The FBI is warning about two threat groups targeting Salesforce customers through sophisticated social engineering attacks. UNC6040 (also known as ShinyHunters) has been calling company help desks since October 2024, posing as IT support to trick employees into sharing login credentials or installing malicious apps that steal customer data.

UNC6395 previously exploited stolen OAuth tokens from Salesloft's Drift application to access hundreds of Salesforce environments earlier this year. Salesforce and Salesloft revoked all Drift tokens in August, but the threat remains active through other integrations.

Some victims have received extortion emails demanding cryptocurrency payments to prevent data publication. The FBI recommends training call center staff, implementing phishing-resistant multi-factor authentication, and monitoring network activity to defend against these ongoing campaigns.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

TeamPCP Hackers Compromise Official Telnyx Python Package in Supply Chain Attack

Mar 28, 2026

Google's Vertex AI Default Settings Allow Privilege Escalation Attacks

Jan 18, 2026

Major Data Breach Hits Netherlands' Largest Mobile Operator, 6.2 Million Users Affected

Feb 16, 2026

Microsoft Kicks Off 2026 With 112 Security Patches, Including Active Zero-Day Attack

Jan 14, 2026