Hackers threaten to release 1 billion customer records by 3pm AEST
A software company that holds the personal data of 5.7 million Qantas customers has just hours to pay a ransom to a hacker group threatening to leak nearly 1 billion sensitive customer records.
Notorious cyber hacker group Scattered Lapsus$ Hunters claims to have stolen a cache of personal customer records from 39 major companies that store data with software giant Salesforce after targeting the software company between April 2024 and September 2025.
More than a billion records were stolen from 39 companies, including the Qantas Frequent Flyers program, Toyota, Disney, McDonalds and HBO Max.
The hackers threatened to release this personal data within hours and gave Salesforce until 11:59pm New York time (or 3pm AEST) on 11 October to pay a ransom to the group to stop the leak.
Details compromised in the attack on the Qantas customer service platform powered by Salesforce included names, phone numbers, addresses, emails, dates of birth, gender, frequent flyer numbers, point balances and status tiers.
On Wednesday, Salesforce refused to pay any ransom or negotiate with the group.
A dark web site linked to the hacking group has posted repeated threats that “if no contact is made, (Salesforce) will make the data public.”
“If Salesforce does not contact us to resolve this issue, we will fully target each and every one of their customers listed below,” the site said.
“Failure to comply will have huge consequences… Don’t be the next headline, make the right decision and reach out to us.”
The darknet website used to publish these messages has since been seized by the FBI.
Scattered Lapsus$ Hunters respond to raid on encrypted messaging platform Telegram
The group reportedly posted, “Hijacking a domain doesn’t really impact our FBI operations… try harder ;).”
Qantas has a Supreme Court ruling preventing the data from being published or published, but the airline will not be able to stop criminal groups from publishing information on the dark web.
Salesforce said in a statement on Oct. 2 that it was aware of “recent extortion attempts by threat actors” that were under investigation by outside experts and authorities.
“Our findings indicate that these attempts are related to historical or unsubstantiated events, and we continue to communicate with affected customers to provide support,” the statement said.
“There is currently no indication that the Salesforce platform has been compromised and this activity is unrelated to any known vulnerabilities in our technology.”
