leaksear.ch has indexed an Albertsons Companies Salesforce CRM leak dated October 10, 2025, containing 252,147 records and contact/profile data such as names, emails, phone numbers, addresses, date-of-birth fields and usernames (leaksear.ch metadata). Albertsons is a major U.S. food and drug retailer with 2,244 stores across 35 states and Washington, D.C., and public reporting later named Albertsons among the Salesforce customers whose data was allegedly leaked by Scattered LAPSUS$ Hunters in October 2025 (www.sec.gov, www.securityweek.com).
What happened
Public reporting first placed Albertsons on the Scattered LAPSUS$ Hunters leak site in early October 2025. Help Net Security reported that the site listed 39 companies whose Salesforce data was allegedly stolen, including Albertsons, and that entries included breach dates, data types, amounts and samples (www.helpnetsecurity.com). BleepingComputer reported that the group used an October 10, 2025 deadline to pressure victims and Salesforce, and that Salesforce said there was no indication its platform had been compromised or that a known Salesforce vulnerability was involved (www.bleepingcomputer.com).
After that deadline, SecurityWeek and SC Media reported that Scattered LAPSUS$ Hunters leaked data allegedly tied to six Salesforce customers, including Albertsons (www.securityweek.com, www.scworld.com). The exact initial access path for the Albertsons records has not been publicly confirmed. Google Threat Intelligence Group's reporting on the related UNC6040 Salesforce campaign described vishing that tricked users into authorizing malicious connected apps, which then allowed data to be queried and exfiltrated from customer Salesforce environments (cloud.google.com).
What data was exposed
leaksear.ch metadata for this source lists 252,147 records. The searchable pivots are address, country, dateOfBirth, email, name, phone and username (leaksear.ch metadata).
The same metadata lists additional stored context that is not directly searchable, including CRM/account identifiers, club card status and enrollment data, gender, mobile and other phone fields, employee or user identifiers, department, division and title fields, status fields, login_info, photo URL fields, and created, modified and login timestamps (leaksear.ch metadata). The provided metadata does not list passwords, payment-card numbers, bank account numbers, Social Security numbers, or government IDs as exposed fields (leaksear.ch metadata).
Why this matters
Contact data from a grocery loyalty or CRM environment is useful for phishing because it lets attackers combine a familiar brand with a real email, phone number or address. Dates of birth, usernames and loyalty or account context can also strengthen social engineering, account-recovery abuse, and identity-verification fraud, even without passwords or payment data. Security teams should monitor for Albertsons-themed impersonation, suspicious account-recovery attempts, and outreach referencing loyalty or CRM details. Use leaksear.ch to check whether your email, phone, name, address, username, country or date of birth appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, name, phone, and username.
Sources
- U.S. SEC: Albertsons Companies, Inc. Form 10-K
- SecurityWeek: Extortion Group Leaks Millions of Records From Salesforce Hacks
- Help Net Security: Hackers launch data leak site to extort 39 victims, or Salesforce
- BleepingComputer: ShinyHunters launches Salesforce data leak site to extort 39 victims
- SC Media: Scattered Lapsus$ Hunters release stolen data from Salesforce customers
- Google Cloud: The Cost of a Call: From Voice Phishing to Data Extortion