A notorious predominantly English-speaking hacking group has launched a website to extort its victims, threatening to release about a billion records stolen from companies who store their customers’ data in cloud databases hosted by Salesforce.
The loosely organized group, which has been known as Lapsus$, Scattered Spider, and ShinyHunters, has published a dedicated data leak site on the dark web, called Scattered LAPSUS$ Hunters.
The website, first spotted by threat intelligence researchers on Friday and seen by TechCrunch, aims to pressure victims into paying the hackers to avoid having their stolen data published online.
“Contact us to regain control on data governance and prevent public disclosure of your data,” reads the site. “Do not be the next headline. All communications demand strict verification and will be handled with discretion.”
Insurance giant Allianz Life, Google, fashion conglomerate Kering, the airline Qantas, carmaking giant Stellantis, credit bureau TransUnion, and the employee management platform Workday, among several others, have confirmed their data was stolen in these mass hacks.
The hackers’ leak site lists several alleged victims, including FedEx, Hulu (owned by Disney), and Toyota Motors, none of which responded to a request for comment on Friday.
It’s not clear if the companies known to have been hacked but not listed on the hacking group’s leak site have paid a ransom to the hackers to prevent their data from being published. When reached by TechCrunch, a representative from ShinyHunters said, “there are numerous other companies that have not been listed,” but declined to say why.
At the top of the site, the hackers mention Salesforce and demand that the company negotiate a ransom, threatening that otherwise “all your customers [sic] data will be leaked.” The tone of the message suggests that Salesforce has not yet engaged with the hackers.
Salesforce spokesperson Nicole Aranda provided a link to the company’s statement, which notes that the company is “aware of recent extortion attempts by threat actors.”
“Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support,” the statement reads. “At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.”
Aranda declined to comment further.
For weeks, security researchers have speculated that the group, which has historically eschewed a public presence online, was planning to publish a data leak website to extort its victims.
Historically, such websites have been associated with foreign, often Russian-speaking, ransomware gangs. In the last few years, these organized cybercrime groups have evolved from stealing, encrypting their victim’s data, and then privately asking for a ransom, to simply threatening to publish the stolen data online unless they get paid.
Updated with comment from ShinyHunters and comment from Salesforce.
Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.
You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.
Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security.
He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com.
South Korea is world-famous for its blazing-fast internet, near-universal broadband coverage, and as a leader in digital innovation, hosting global tech brands like Hyundai, LG, and Samsung. But this very success has made the country a prime target for hackers and exposed how fragile its cybersecurity defenses remain.
The country is reeling from a string of high-profile hacks, affecting credit card companies, telecoms, tech startups, and government agencies, impacting vast swathes of the South Korean population. In each case, ministries and regulators appeared to scramble in parallel, sometimes deferring to one another rather than moving in unison.
Critics argue that South Korea’s cyber defenses are hindered by a fragmented system of government ministries and agencies, often resulting in slow and uncoordinated responses, per local media reports.
“The government’s approach to cybersecurity remains largely reactive, treating it as a crisis management issue rather than as critical national infrastructure,” Brian Pak, the chief executive of Seoul-based cybersecurity firm Theori, told TechCrunch.
Pak, who also serves as an advisor to SK Telecom’s parent company’s special committee on cybersecurity innovations, told TechCrunch that because government agencies tasked with cybersecurity work in silos, developing digital defenses and training skilled workers often get overlooked.
The country is also facing a severe shortage of skilled cybersecurity experts.
“[That’s] mainly because the current approach has held back workforce development. This lack of talent creates a vicious cycle. Without enough expertise, it’s impossible to build and maintain the proactive defenses needed to stay ahead of threats,” Pak continued.
Political deadlock has fostered a habit of seeking quick, obvious “quick fixes” after each crisis, said Pak, all the while the more challenging, long-term work of building digital resilience continues to be sidelined.
This year alone, there has been a major cybersecurity incident in South Korea almost every month, further mounting concerns over the resilience of South Korea’s digital infrastructure.
January 2025
GS Retail, the operator of convenience stores and grocery markets across South Korea, confirmed a data breach that exposed the personal details of about 90,000 customers after its website was attacked between December 27 and January 4. The stolen information included names, birth dates, contact details, addresses, and email addresses.
South Korea’s part-time job platform Albamon was hit by a hacking attack on April 30. The breach exposed the resumes of more than 20,000 users, including names, phone numbers, and email addresses.
In April, South Korea’s telecom giant SK Telecom was hit by a major cyberattack. Hackers stole the personal data of about 23 million customers — nearly half the country’s population. Much of the aftermath of the cyberattack lasted through May, in which millions of customers were offered a new SIM card following the breach.
June 2025
Yes24, South Korea’s online ticketing and retail platform, was hit by a ransomware attack on June 9, which knocked its services offline. The disruption lasted for about four days, with the company back online by mid-June.
A North Korea-backed hacking group, Kimsuky, used AI-generated deepfake images in a July spear-phishing attempt against a South Korean military organization, according to Genians Security Center. The group has also targeted other South Korean institutions.
Seoul Guarantee Insurance (SGI), a Korean financial institution, was hit by a ransomware attack around July 14, which disrupted its core systems. The incident knocked key services offline, including the issuing and verification of guarantees, leaving customers in limbo.
Hackers broke into South Korean financial services company Lotte Card, which issues credit and debit cards, between July 22 and August. The breach exposed around 200GB of data and is believed to have affected roughly 3 million customers. The breach remained unnoticed for approximately 17 days, until the company discovered it on August 31.
Welcome Financial: In August 2025, Welrix F&I, a lending arm of Welcome Financial Group, was hit by a ransomware attack. A Russian-linked hacking group claimed it stole over a terabyte of internal files, including sensitive customer data, and even leaked samples on the dark web.
North Korea-linked hackers, believed to be the Kimsuky group, have been spying on foreign embassies in South Korea for months by disguising their attacks as routine diplomatic emails. According to Trellix, the campaign has been active since March and has targeted at least 19 embassies and foreign ministries in South Korea.
September 2025
KT, one of South Korea’s biggest telecom operators, has reported a cyber breach that exposed subscriber data from more than 5,500 customers. The attack was linked to illegal “fake base stations” that tapped into KT’s network, enabling hackers to intercept mobile traffic, steal information like IMSI, IMEI, and phone numbers, and even make unauthorized micro-payments.
In September 2025, the National Security Office announced that it would implement “comprehensive” cyber measures through an interagency plan, led by the South Korean president’s office. Regulators also signaled a legal change giving the government power to launch probes at the first sign of hacking — even if companies haven’t filed a report. Both steps aim to address the lack of a first responder that has long hindered South Korea’s cyber defenses.
But South Korea’s fragmented system leaves accountability weak, placing all authority in a presidential “control tower” could risk “politicization” and overreach, according to Pak.
A better path may be balance: a central body to set strategy and coordinate crises, paired with independent oversight to keep power in check. In a hybrid model, expert agencies like KISA would still handle the technical work — just with more straightforward rules and accountability, Pak told TechCrunch.
When reached for comment, a spokesperson for the South Korea’s Ministry of Science in ICT said the ministry, with KISA and other relevant agencies, is “committed to addressing increasingly sophisticated and advanced cyber threats.”
“We continue to work diligently to minimize potential harm to Korean businesses and the general public,” the spokesperson added.
This article was originally published on September 30.
Kate Park is a reporter at TechCrunch, with a focus on technology, startups and venture capital in Asia. She previously was a financial journalist at Mergermarket covering M&A, private equity and venture capital.
For the past few days, my Bluesky feed has been increasingly filled with mysterious posts about waffles.
The back-and-forth seems to have started with a tongue-in-cheek post by Jerry Chen lampooning a form of social media sanctimoniousness that’s become all too recognizable on Bluesky: “(bluesky user bursts into Waffle House) OH SO YOU HATE PANCAKES??”
Bluesky CEO Jay Graber quoted this approvingly, adding, “Too real. We’re going to try to fix this. Social media doesn’t have to be this way.” Another user then asked, “have y’all banned Jesse Singal yet or” to which Graber simply replied, “WAFFLES!”
In a follow-up post, Graber wrote, “Harassing the mods into banning someone has never worked. And harassing people in general has never changed their mind.” She also alluded to the controversy by posting a nudge-nudge wink-wink photo of waffles, as did Singal.
Users continued to criticize her, with Graber firing back — when one compared the criticism to a customer threatening to cancel their service, she asked, “Are you paying us? Where?” When another suggested that she should apologize, Graber said, “You could try a poster’s strike. I hear that works.”
It might be tempting to dismiss this whole thing as another example of leftist infighting, especially since the Bluesky Discourse has already moved on to the question of whether “clanker” is a slur.
Techcrunch event
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
But the controversy also underlines ongoing tensions between the company and some of its most vocal users. It’s a tension that could be seen last month in skeptical responses to the company’s updated community guidelines, and in recurring complaints that Bluesky has been too quick to ban Palestinian and trans users, while offering leniency to big accounts like Singal’s.
It may be simplistic to reduce this tension to a single cause, but I suspect much of it comes from differing visions about what makes Bluesky special: If you think it’s Bluesky’s community, especially that early community of marginalized users, then it can feel like a betrayal when Bluesky executives seem unwilling to stand up for those users.
One user who posts under the name Katie Tightpussy speculated that Bluesky leadership has come to loathe “having a large social media app that they never wanted” and suggested that they spin it off so they can return “to Protocol Land where they never have to think about the opinions of plebeians ever again.”
Amidst the current controversy, she posted about “decentralization acceleration” and wrote, “We’re system architects at core. We built a decentralized network so you could run your own moderation,” then suggested that the company’s “upcoming healthy discourse project is taking some swings at the interaction model that drives these dynamics on Bluesky.”
Graber may even have foreseen some version of this conflict when Bluesky was starting out with vision of a decentralized system that allows users to migrate elsewhere if they’re unhappy with company leadership. As she reportedly wrote in Bluesky’s founding documents, “The company is a future adversary.”
Anthony Ha is TechCrunch’s weekend editor. Previously, he worked as a tech reporter at Adweek, a senior editor at VentureBeat, a local government reporter at the Hollister Free Lance, and vice president of content at a VC firm. He lives in New York City.
Welcome back to TechCrunch Mobility, your hub for all things “future of transportation.” To get this in your inbox, sign up here for free — just click TechCrunch Mobility!
More than a month ago, I asked you, dear reader, how you thought EV sales would play out once the $7,500 federal tax credit expired on September 30. The majority of those who responded to the poll predicted that EV sales would fall off a cliff.
Now, it’s too early to tell yet; we are just a few days past the end of the quarter. But the expiring tax credit did give many automakers a bit of a sales bump as consumers raced to buy EVs before the deadline.
Tesla, which has seen sales growth diminish, just registered its best quarter of deliveries ever at 497,099 vehicles. That’s a massive 29% jump from the second quarter, about a 7% increase over the same period last year, and more than it has ever delivered in a single quarter.
Ford Motor, General Motors, and Hyundai also reported record quarterly sales of EVs. Riviansaw deliveries jump to 13,201 vehicles, up from 10,661 and 8,640 in the second and first quarters, respectively.
The looming question is how will automakers navigate a possible slowdown in EV sales in this post-tax credit era? Rivian has already adjusted its guidance down for 2025. Others may follow.
The crux for automakers is how to get rid of inventory as the new 2026 models come in without reducing or eliminating profit margins (and in some cases deepening the losses)?
Techcrunch event
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
TheDepartment of Energy canceled 321 clean energy projects but wasn’t sharing the details with TechCrunch or the public. Luckily, a little bird shared the complete list of awards the Trump administration had canceled, and the results were revealing.
Altogether, the canceled awards totaled $7.56 billion, with California bearing the brunt, losing $2.2 billion worth of grants, including a $630 million grid-modernization program that could have become a template for the nation. Colorado, Illinois, Massachusetts, Minnesota, New York, and Oregon rounded out the top eight, losing between $300 million and $600 million each.
It wasn’t until farther down the list that a red state popped up. Indeed, the majority of projects were sited in states that had voted for Kamala Harris in the last presidential election, something many media outlets reported after Office of Management and Budget chief Russell Vought tweeted as much.
But even in blue states, some awards stuck, possibly due to political connections with the Trump administration or aligned interests. Whatever the case, the move by the DOE suggests the government might be a less reliable partner for businesses, especially small startups.
Toyota may not be the first company that springs to mind when one thinks about startups. But perhaps it should be.
The Japanese automaker is committing $1.5 billion in new capital to focus on, and invest in, the life cycle of startups — from the first seeds of an invention through its growth stage and eventually to mature companies.
Toyota has created a strategic investment subsidiary called Toyota Invention Partners Co. with about $670 million in capital, while its growth-stage venture arm Woven Capital launched a second $800 million fund.
I spoke to Woven Capital general partner George Kellerman about Toyota’s capital commitment and its investment strategy. He described Toyota Invention Partners as a bookend of sorts to the company’s other investment organizations. Check out my article to learn why.
Other deals that got my attention …
Remember Einride, the Swedish startup known for its unusual-looking electric and autonomous pods? The company is still plugging along and has now raised $100 million from several new and existing investors, including its largest shareholder, EQT Ventures. The raise included an undisclosed strategic investment from quantum computing company IonQ. It’s worth noting that while $100 million is a lot of coin, it’s far lower than the $500 million in equity and debt it raised a few years ago.
Electroflow, a startup developing a cheaper LFP battery, raised $10 million in a seed round led by Union Square Ventures and Voyager with participation from Fifty Years and Harpoon Ventures.
Flai, a San Francisco-based AI-for-car-dealerships startup, raised a $4.5 million seed round led by Liz Wessel at First Round Capital. YC, RedBlue Capital, Joe Montana’s Liquid 2 Ventures, and Innovation Endeavors also joined.
This highly unusual deal is becoming more common under the Trump administration. The Department of Energy took a 5% equity stake in Canadian companyLithium Americasand a 5% stake in its Nevada mining joint venture with General Motors as part of a renegotiation of a $2.26 billion federal loan. This follows the federal government taking equity stakes in Intel and MP Materials.
The U.K. government will guarantee a commercial bank loan of £1.5 billion ($2 billion) for carmaking giant Jaguar Land Rover after a hack forced the company to shut down its production lines and left downstream suppliers at risk of bankruptcy.
Early-stage deep tech fund Wave Function Ventures closed its first fund of $15.1 million. Senior reporter Sean O’Kane profiles its founder Jamie Gull and his path from aerospace engineer to VC.
Notable reads and other tidbits
Image Credits:Bryce Durbin
Two Amazon Prime Air delivery drones collided with the boom of a crane near its same-day site in Tolleson, Arizona — the company’s one commercial location. Federal agencies are investigating, and after a temporary pause, Amazon has restarted the service.
DoorDash has spent years working on an autonomous delivery robot that can navigate roads, bike lanes, and sidewalks. Senior AI reporter Max Zeff spent time with “Dot” and Ashu Rege, a former executive at the Amazon-owned AV company Zoox, who now leads DoorDash’s autonomy division.
Faraday Future still exists and we know this because one of the troubled EV startup’s electric SUVs caught fire at its Los Angeles headquarters, leading to an explosion that blew out part of a wall.
The Trump administration’s crackdown in Chicago is affecting the gig economy, the founder of e-bike subscription startup Whizz tells TechCrunch.
Waymo scored a regulatory win in New York City and received an extension for its testing permit.
WestJet, Canada’s second largest airline, said the personal information of 1.2 million passengers was stolen in a cyberattack and data breach.
Zoox will start mapping the streets of Washington, D.C., as it ramps up to begin testing its self-driving vehicles in the nation’s capital this year.
One more thing …
TechCrunch Disrupt 2025is just a few weeks away. I hope you come and say hi! And yes, there are some noteworthy transportation folks who will be on our stage, including Waymo co-CEO Tekedra Mawakana, Waabi founder and CEO Raquel Urtasun, Wayve co-founder and CEO Alex Kendall, and Slate CEO Chris Barman.
In the weeks leading up to the event, we’ve been showcasing some of the Startup Battlefield 200 companies, including Hance, a startup working on low energy-consuming, on-device processing that’s already attracted the likes of Intel.
Kirsten Korosec is a reporter and editor who has covered the future of transportation from EVs and autonomous vehicles to urban air mobility and in-car tech for more than a decade. She is currently the transportation editor at TechCrunch and co-host of TechCrunch’s Equity podcast. She is also co-founder and co-host of the podcast, “The Autonocast.” She previously wrote for Fortune, The Verge, Bloomberg, MIT Technology Review and CBS Interactive.
You can contact or verify outreach from Kirsten by emailing kirsten.korosec@techcrunch.com or via encrypted message at kkorosec.07 on Signal.
Some areas of this page may shift around if you resize the browser window. Be sure to check heading and document order.
Support Us by Disabling Your Adblocker
Our content is made possible by the support of our advertisers. Please consider disabling your adblocker to help us continue delivering quality content you love.
