Ransomware Group “Trinity of Chaos” Launches Data Leak Site

A new data leak site hosted on the TOR network has been launched by the “Trinity of Chaos” – a ransomware collective allegedly tied to the Lapsus$, Scattered Spider and ShinyHunters groups.

The collective has also threatened Salesforce after exploiting vulnerabilities in its environment, claiming to possess massive amounts of corporate data. Salesforce has dismissed the claim, stating no new vulnerabilities exist, though it acknowledged that prior breaches could have compromised customer data. The group said it had attempted to negotiate with Salesforce and warned that, if ignored, it would report the breach to regulators, potentially leading to criminal negligence charges. Its message mirrors tactics used by other ransomware actors that pressure companies through regulatory threats, particularly under EU GDPR rules.

Resecurity confirmed that leaked samples contain significant personally identifiable information (PII) but few passwords, suggesting that data was likely obtained from Salesforce instances via stolen OAuth tokens and vishing attacks tied to Salesloft’s Drift AI integration. The FBI has since issued a flash alert to help organizations detect similar breaches.

In total, the group claims to possess over 1.5 billion records across 760 companies, including 254,127,054 accounts, 579,042,146 contacts, and 171,625,743 opportunities.

To read the complete article, see: Infosecurity Magazine

This post is licensed under CC BY 4.0 by the author.