Cisco Systems, a US-based networking and technology company, is facing extortion threats from a hacking group that claims to have stolen sensitive corporate data, including information from Salesforce systems, according to reports.
The hacker group known as ShinyHunters has alleged that it obtained more than three million Salesforce records linked to Cisco. The claimed data includes personally identifiable information, GitHub repositories, Amazon Web Services resources, and other internal company data, according to statements posted by the group on a dark web site.
The attackers said the data was collected from multiple sources, including Salesforce environments, AWS accounts, and other systems. The claims have not been independently verified, and Cisco had not confirmed the extent of any data exposure at the time of reporting.
The group issued an ultimatum to Cisco, stating that it would create disruptions or release the data if its demands were not met by a specified deadline. The message described potential consequences as “digital problems,” indicating an attempt to pressure the company into responding to its demands.
The incident is part of a broader pattern of attacks linked to Salesforce environments. Security researchers and prior reports have noted that such incidents often rely on social engineering techniques, including voice phishing, to gain access to accounts rather than exploiting vulnerabilities in Salesforce itself.
Threat actors associated with ShinyHunters have previously been linked to campaigns targeting organizations that use Salesforce, where stolen data is later used for extortion attempts. These campaigns have involved accessing cloud-based systems and extracting large volumes of data from customer environments.
The claims related to Cisco follow similar incidents in which hackers have attempted to leverage access to enterprise software platforms to obtain sensitive data and demand payment or concessions from affected organizations. In many cases, the success of these attacks depends on credential theft or misconfigured systems rather than direct exploitation of software flaws.
Cisco has not publicly confirmed the details of the alleged breach or responded to the claims made by the group. What is known so far is based on statements from the attackers, and further verification would depend on official disclosures or findings from an investigation.