BlackFile victims' Salesforce and SharePoint data leak
Data Leak
Summary
Hide ▲
Show ▼
BlackFile's stolen documents were published on a dark web leak site, exposing employee and business records taken from Salesforce and SharePoint environments. The leak includes material such as employee phone numbers, confidential business reports, and files containing SSN references. Publishing the data increases extortion pressure on victims and broadens the harm beyond the initial credential-theft intrusion.
Related Happenings
Pink new extortion brand within The Com
Threat Actor Meta
H score30
First: 08.07.2026 19:47
Last: 08.07.2026 19:47
Sources 1
About this happening:
A new **Pink** extortion brand has emerged within **The Com**, signaling a more decentralized criminal ecosystem that can scale credential theft and data extortion across multiple...
Pink new extortion brand within The Com
Threat Actor MetaAbout this happening: A new **Pink** extortion brand has emerged within **The Com**, signaling a more decentralized criminal ecosystem that can scale credential theft and data extortion across multiple...
Klue Battlecards app Salesforce customer data leak
Data Leak
H score41
First: 19.06.2026 12:03
Last: 19.06.2026 12:03
Sources 1
About this happening:
A **Klue**-related **Salesforce** data leak on **June 12** exposed customer records after an attacker used a **compromised legacy credential** to obtain **OAuth tokens** from Klue...
Klue Battlecards app Salesforce customer data leak
Data LeakAbout this happening: A **Klue**-related **Salesforce** data leak on **June 12** exposed customer records after an attacker used a **compromised legacy credential** to obtain **OAuth tokens** from Klue...
Latest development: 20.06.2026 01:31
Icarus publicly claimed responsibility on its data leak site for the Klue-related Salesforce data theft and pressured Klue and affected organizations to contact the group through Session to avoid publication of stolen data. The same campaign was also tied to additional victims including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity, with most reporting theft from Salesforce instances rather than compromise of their core platforms or infrastructure.
Kodak customer and internal data leak claim
Data Leak
H score75
First: 17.06.2026 10:07
Last: 17.06.2026 10:07
Sources 1
About this happening:
Kodak is facing a **claimed data leak** after **ShinyHunters** said it stole **over 2.2 million records** from the company and threatened public release. The claimed material incl...
Kodak customer and internal data leak claim
Data LeakAbout this happening: Kodak is facing a **claimed data leak** after **ShinyHunters** said it stole **over 2.2 million records** from the company and threatened public release. The claimed material incl...
Council of Europe ShinyHunters data leak claim
Data Leak
H score82
First: 15.06.2026 13:44
Last: 15.06.2026 13:44
Sources 1
About this happening:
**ShinyHunters** has posted the **Council of Europe** on a **Tor-based leak site**, claiming a data theft that could expose **more than 297 GB** and **over 429,000 files**. The al...
Council of Europe ShinyHunters data leak claim
Data LeakAbout this happening: **ShinyHunters** has posted the **Council of Europe** on a **Tor-based leak site**, claiming a data theft that could expose **more than 297 GB** and **over 429,000 files**. The al...
Nottingham University data publication on ShinyHunters leak site
Data Leak
H score68
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**Nottingham University** data was published on the **ShinyHunters** leak site after the group claimed access to the university’s **student records system**. The exposed material...
Nottingham University data publication on ShinyHunters leak site
Data LeakAbout this happening: **Nottingham University** data was published on the **ShinyHunters** leak site after the group claimed access to the university’s **student records system**. The exposed material...
Timeline
-
24.04.2026 21:26 2 articles · 2mo ago
BlackFile leaks stolen Salesforce and SharePoint data
Victim Impact UpdateBlackFile publishes exfiltrated documents from victims' Salesforce and SharePoint environments to a dark web data leak site, exposing employee phone numbers, confidential business reports, CSV datasets, and files containing "SSN" references while extortion demands follow via compromised employee email accounts or randomly generated Gmail addresses.
Show sources
- New BlackFile extortion group linked to surge of vishing attacks — www.bleepingcomputer.com — 24.04.2026 21:26
- New BlackFile extortion group linked to surge of vishing attacks — www.bleepingcomputer.com — 24.04.2026 21:26