I don't think Salesforce itself was hacked. It says "data stolen from the Salesforce instances of multiple companies".

HIBP links to [1], which links to [2], which says

>The FBI last week warned airlines in the US that the group was targeting the aviation sector. In a post on X, the FBI said the group uses social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access, and bypassing multi-factor authentication.

So it sounds like phishing attacks against the individual airlines. It sounds pretty much the same as [3], which goes into detail of the exact mechanism that phishers can use to steal Salesforce data. It does sound like it is a little bit Salesforce's fault, because Salesforce's UI makes it really easy to grant an attacker access to your database without realizing it. Salesforce needs to improve the permission granting UI so that it's clearer what is going on.

[1] https://www.theguardian.com/business/2025/oct/11/hackers-lea...

[2] https://www.theguardian.com/business/2025/jul/02/qantas-conf...

[3] https://cloud.google.com/blog/topics/threat-intelligence/voi...