Fujifilm Leak Exposes 222K Salesforce Account Records

A Fujifilm leak indexed by leaksear.ch contains 222,058 Salesforce account records, including names, emails, phone numbers, billing and shipping addresses, and Salesforce account metadata, with a breach date recorded as October 10, 2025 (leaksear.ch metadata). Fujifilm Holdings is headquartered in Tokyo and operates across healthcare, electronics, business innovation, and imaging (holdings.fujifilm.com).

What happened

leaksear.ch metadata attributes the dataset to ShinyHunters and says it was published on the ShinyHunters/Scattered Lapsus$ Hunters Trinity of Chaos extortion leak site after a voice-phishing campaign that abused a malicious OAuth app connected to corporate Salesforce instances (leaksear.ch metadata). Public reporting in October 2025 described Scattered Lapsus$ Hunters launching a data leak site to pressure 39 organizations whose Salesforce databases had reportedly been stolen, with Fujifilm named among the listed companies (www.helpnetsecurity.com, www.resecurity.com).

Google Threat Intelligence Group and the FBI documented the broader UNC6040 Salesforce campaign: callers impersonated IT support, persuaded employees to authorize malicious connected apps or modified Data Loader apps, and then used Salesforce access to query and exfiltrate data. GTIG said observed cases relied on manipulating end users, not exploiting a vulnerability inherent to Salesforce, while the FBI warned that OAuth-based connected app authorization can make malicious access look like trusted integration activity (cloud.google.com, www.fbi.gov).

Public reporting later said only six of the original 39 named organizations had data released, including Fujifilm. DataBreaches.net reported Fujifilm was among the first six releases, and Hackread reported the Fujifilm file was a 155 MB CSV with around 224,000 records made public on October 10, 2025 (databreaches.net, hackread.com). No public source reviewed here shows a Fujifilm notice confirming the intrusion or the exact forensic path, so the Fujifilm-specific record count and fields below are anchored to leaksear.ch metadata.

What data was exposed

leaksear.ch indexes the Fujifilm dataset as Salesforce account records. Searchable exposure pivots are address, country, email, name, and phone (leaksear.ch metadata).

Stored record context includes account IDs and customer codes, billing and shipping address objects, fax numbers, websites, industries, employee counts, account types, owner and parent IDs, record type IDs, created and modified dates, last viewed dates, system timestamps, customer satisfaction fields, outstanding balance fields, and other Salesforce metadata (leaksear.ch metadata). The metadata does not identify passwords, payment-card numbers, or government ID numbers in this dataset (leaksear.ch metadata).

Why this matters

CRM contact data is valuable because it links people, organizations, phone numbers, emails, addresses, and account context. That can support phishing, vendor impersonation, business email compromise preparation, and follow-on social engineering against Fujifilm customers, partners, or staff whose records were in Salesforce. Security teams should correlate suspicious email and phone activity with the October 2025 Salesforce extortion wave and review whether exposed CRM metadata creates customer, supplier, or regulatory notification obligations. If you may have dealt with Fujifilm, use leaksear.ch to check whether your email, name, phone, address, or country appears in this leak.

Check your exposure

Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, email, name, and phone.

Fujifilm Leak Exposes 222K Salesforce Account Records

What happened

What data was exposed

Why this matters

Check your exposure

Sources