BlackFile victims' Salesforce and SharePoint data leak
Data Leak
Summary
BlackFile's stolen documents were published on a dark web leak site, exposing employee and business records taken from Salesforce and SharePoint environments. The leak includes material such as employee phone numbers, confidential business reports, and files containing SSN references. Publishing the data increases extortion pressure on victims and broadens the harm beyond the initial credential-theft intrusion.
Related Happenings
7-Eleven franchisee-docs and Salesforce data leak
Data Leak
First: 18.05.2026 14:25
Last: 18.05.2026 14:25
Sources 1
About this happening:
**7-Eleven** confirmed an **April 8, 2026** intrusion into systems used to store **franchisee documents**, and **ShinyHunters** later claimed the theft of **more than 600,000 Sales...
Latest development: 26.05.2026 10:01
Have I Been Pwned analyzed the leaked 7-Eleven data and estimated that the breach exposed personal information for 185,300 people, including names, dates of birth, unique email addresses, phone numbers, and physical addresses. The exposed archive was tied to ShinyHunters' extortion campaign against 7-Eleven and followed the group's leak-site posting after ransom demands were not met.
Zara customer data leak exposing 197,400 people
Data Leak
First: 08.05.2026 13:42
Last: 08.05.2026 13:42
Sources 1
About this happening:
The **Zara** customer-data leak now exposes **197,400 people**, creating privacy and phishing risk across multiple markets. The exposed records include **unique email addresses**,...
Instructure user personal information breach
Data Leak
First: 04.05.2026 01:16
Last: 04.05.2026 01:16
Sources 1
About this happening:
Instructure confirmed a **data breach** that exposed **users' personal information**, putting students, teachers, and staff at risk across affected institutions. The exposed mater...
BlackFile vishing extortion campaign targeting retail and hospitality organizations
Campaign
First: 24.04.2026 21:26
Last: 24.04.2026 21:26
Sources 1
How related:
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026.
About this happening:
The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...
Moltbook wide-open database exposure
Data Leak
First: 22.04.2026 13:41
Last: 22.04.2026 13:41
Sources 1
About this happening:
The **Moltbook** database exposure placed **35,000 email addresses** and **1.5 million agent API tokens** at risk, creating immediate potential for account hijacking and credentia...
Timeline
24.04.2026 21:26 · 2 articles
BlackFile leaks stolen Salesforce and SharePoint data
Victim Impact Update
BlackFile publishes exfiltrated documents from victims' Salesforce and SharePoint environments to a dark web data leak site, exposing employee phone numbers, confidential business reports, CSV datasets, and files containing "SSN" references while extortion demands follow via compromised employee email accounts or randomly generated Gmail addresses.
Sources
- New BlackFile extortion group linked to surge of vishing attacks — www.bleepingcomputer.com — 24.04.2026 21:26