Find notable cyber news and cases, enriched with sources, timelines, and signals.

BlackFile victims' Salesforce and SharePoint data leak

Data Leak
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

BlackFile's stolen documents were published on a dark web leak site, exposing employee and business records taken from Salesforce and SharePoint environments. The leak includes material such as employee phone numbers, confidential business reports, and files containing SSN references. Publishing the data increases extortion pressure on victims and broadens the harm beyond the initial credential-theft intrusion.

Related Happenings

Pink new extortion brand within The Com

Threat Actor Meta
H score30 First: 08.07.2026 19:47 Last: 08.07.2026 19:47 Sources 1

About this happening: A new **Pink** extortion brand has emerged within **The Com**, signaling a more decentralized criminal ecosystem that can scale credential theft and data extortion across multiple...

Klue Battlecards app Salesforce customer data leak

Data Leak
H score41 First: 19.06.2026 12:03 Last: 19.06.2026 12:03 Sources 1

About this happening: A **Klue**-related **Salesforce** data leak on **June 12** exposed customer records after an attacker used a **compromised legacy credential** to obtain **OAuth tokens** from Klue...

Latest development: 20.06.2026 01:31

Icarus publicly claimed responsibility on its data leak site for the Klue-related Salesforce data theft and pressured Klue and affected organizations to contact the group through Session to avoid publication of stolen data. The same campaign was also tied to additional victims including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity, with most reporting theft from Salesforce instances rather than compromise of their core platforms or infrastructure.

Kodak customer and internal data leak claim

Data Leak
H score75 First: 17.06.2026 10:07 Last: 17.06.2026 10:07 Sources 1

About this happening: Kodak is facing a **claimed data leak** after **ShinyHunters** said it stole **over 2.2 million records** from the company and threatened public release. The claimed material incl...

Council of Europe ShinyHunters data leak claim

Data Leak
H score82 First: 15.06.2026 13:44 Last: 15.06.2026 13:44 Sources 1

About this happening: **ShinyHunters** has posted the **Council of Europe** on a **Tor-based leak site**, claiming a data theft that could expose **more than 297 GB** and **over 429,000 files**. The al...

Nottingham University data publication on ShinyHunters leak site

Data Leak
H score68 First: 10.06.2026 21:31 Last: 10.06.2026 21:31 Sources 1

About this happening: **Nottingham University** data was published on the **ShinyHunters** leak site after the group claimed access to the university’s **student records system**. The exposed material...

Timeline

  1. 24.04.2026 21:26 2 articles · 2mo ago

    BlackFile leaks stolen Salesforce and SharePoint data

    Victim Impact Update

    BlackFile publishes exfiltrated documents from victims' Salesforce and SharePoint environments to a dark web data leak site, exposing employee phone numbers, confidential business reports, CSV datasets, and files containing "SSN" references while extortion demands follow via compromised employee email accounts or randomly generated Gmail addresses.

    Show sources