Developing: Salesforce Data Leak Site Under Seizure, Indicates Government Intervention

The data leak site associated with Salesforce, breachforums[.]hn, appears to be undergoing seizure. Recent WHOIS data reveals that the domain's name servers have been updated to Cloudflare's infrastructure (hans.ns.cloudflare.com and surina.ns.cloudflare.com), a common indicator of law enforcement action. This suggests that authorities may be taking control of the domain to disrupt its operations or gather intelligence. The site is reportedly used by the group ScatteredLAPSUS$Hunters, which has been involved in data breaches. Notably, the corresponding onion site remains operational, indicating that while the clearnet presence is being targeted, the dark web operations continue unimpeded. This development highlights the ongoing cat-and-mouse game between law enforcement and cybercriminals. For cybersecurity professionals, this serves as a reminder of the importance of monitoring both clearnet and dark web activities for comprehensive threat intelligence. The situation is fluid, and further updates are expected as more information becomes available. Organizations should remain vigilant and ensure that their incident response plans are up to date. Continuous monitoring and threat intelligence sharing are crucial in staying ahead of such threats.