In a massive wave of cyberattacks, the notorious hacking group ShinyHunters has compromised the Salesforce customer relationship management (CRM) platforms of at least 91 companies, including major names like Chanel, Dior, and Adidas. This sophisticated campaign, which has also affected airlines like Qantas and tech giants such as Google, showcases a shift in tactics by the financially motivated group. Instead of exploiting a vulnerability in the Salesforce platform itself, the hackers are using social engineering to trick employees into providing access.
The attacks rely on a technique known as “vishing” (voice phishing), where threat actors call employees, posing as IT support or a third-party vendor. They then deceive employees into installing a malicious application, often a fake version of Salesforce’s “Data Loader” tool. Once installed, the app grants the attackers API-level access to the company’s Salesforce data, allowing them to exfiltrate vast amounts of sensitive information.
For companies like Chanel and Dior, this means that customer data, including names, email addresses, mailing addresses, and phone numbers, has been exposed. While no financial information or passwords appear to have been compromised, the stolen data is still a goldmine for future phishing attempts and identity theft. The hackers are reportedly using the stolen data to extort victims, demanding ransom payments to prevent the information from being leaked on the dark web.
The sheer scale and high-profile nature of the breaches have sent shockwaves through the corporate world. Salesforce has been quick to clarify that its platform was not directly compromised, stating that the incidents are a result of customers failing to secure their own access points against these sophisticated social engineering attacks. Nevertheless, the reputational damage is significant, and the incidents serve as a stark reminder of the human element in cybersecurity. Companies, regardless of their size, are urged to implement strong security measures, including multi-factor authentication (MFA) and extensive employee training to recognize and thwart such attacks.