ShieldApps > News > FBI Warns of Attacks on Salesforce Platforms

Articles & News

The best Privacy and Security apps are just a click away...

21 September 2025

FBI Warns of Attacks on Salesforce Platforms

( , - 9/21/2025)

In September 2025, the FBI issued an urgent cybersecurity advisory warning businesses about criminal groups targeting Salesforce platforms. Salesforce is one of the world’s largest customer relationship management (CRM) systems, used by thousands of companies worldwide. Because it stores sensitive customer data, it has become a prime target for hackers.

What Happened

Two groups, identified as UNC6040 and UNC6395, are actively trying to break into Salesforce environments. These attacks are not random they are part of carefully planned campaigns to steal customer information and use it for extortion.

  • UNC6395 is exploiting third-party integrations such as chatbots (e.g., Drift) and sales tools (e.g., Salesloft) to gain access.
  • UNC6040 uses social engineering tactics, pretending to be IT support staff to trick employees into revealing login details.

High-profile companies including Cloudflare, Zscaler, and Palo Alto Networks have already reported incidents linked to these groups.

Why This Matters

The scale of the threat is significant. Salesforce stores highly sensitive data like customer contact details, sales history, financial interactions, and more. If attackers access this information, they can:

  1. Steal customer identities.
  2. Launch highly convincing phishing attacks.
  3. Damage a company’s reputation and trust.
  4. Demand ransom payments to avoid leaking the data online.

Since Salesforce is cloud-based, a single compromised account can give hackers access to entire customer databases.

FBI Recommendations

The FBI has urged companies to:

  • Strengthen multi-factor authentication on Salesforce accounts.
  • Review all third-party integrations for vulnerabilities.
  • Train employees to recognize phishing and social engineering attempts.
  • Monitor Salesforce logs for suspicious activity.

How Individuals Are Affected

Even though this attack targets businesses, the real victims are customers whose personal data is stolen. This includes names, emails, and sometimes even financial information. Once leaked, this data can be used for fraud, identity theft, and scams.

How Cyber Privacy Suite Can Help

Consumers and businesses can take extra precautions by using Cyber Privacy Suite from ShieldApps. The software helps monitor sensitive data, block tracking attempts, and prevent unauthorized access. For individuals whose information might be exposed through corporate breaches like this, Cyber Privacy Suite provides an additional safeguard against identity theft and misuse of personal information.