Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
As the Salesforce cyber crime campaign continues, French fashion giant Chanel has become the latest victim of data theft, according to a company statement.
As originally reported by WWD, Chanel said that on 25 July, it detected threat actors breaching a Chanel database hosted by a third party.
“Based on the findings of the investigation, the data obtained by the unauthorised external party contained limited details of a subset of individuals who contacted our client care centre in the US –specifically name, email address, mailing address and phone number,” a Chanel spokesperson told WWD.
“No other information was contained in the database. The clients affected have been informed.”
While Chanel did not disclose how many individuals were affected, the breach only impacted customers in the United States.
The company also did not name the third party that was breached; however cyber and tech publication BleepingComputer said it has identified that the database breached was a Salesforce instance.
The publication said it has identified the threat actor targeting these instances to be none other than the ShinyHunters hacking group, adding that the same group breached Allianz Life, Qantas and adidas.
Responding to BleepingComputer, Salesforce said the company itself had not been compromised, but rather that threat actors are using social engineering techniques to breach individual instances of Salesforce.
“Salesforce has not been compromised and the issues described are not due to any known vulnerability in our platform. While Salesforce builds enterprise-grade security into everything we do, customers also play a critical role in keeping their data safe – especially amid a rise in sophisticated phishing and social engineering attacks,” Salesforce told BleepingComputer.
“We continue to encourage all customers to follow security best practices, including enabling multifactor authentication, enforcing the principle of least privilege and carefully managing connected applications.
So far, the threat actors have not released any data publicly, only resorting to email extortion.
How deep does the rabbit hole go?
Interestingly enough, experts previously suggested that Qantas was originally breached by the Scattered Spider hacking collective, which has set a precedent of targeting multiple victims in a single industry before moving on and not publishing data publicly. In the airline industry case, the group is believed to have also targeted Hawaiian Airlines and Canadian airline WestJet.
Scattered Spider was also believed to have begun targeting US insurance companies back in June, according to Google Threat Intelligence researchers.
“Google Threat Intelligence Group is now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity. We are now seeing incidents in the insurance industry,” John Hultquist, chief analyst at Google Threat Intelligence Group, told BleepingComputer.
Cyber Daily has previously suggested this could mean that the ShinyHunters group is working with or had crossover with Scattered Spider.
While it could be a coincidence, the cyber attack on Chanel follows a wave of cyber attacks on other fashion retailers with operations in the US, including Victoria’s Secret, believed to have been conducted by Scattered Spider, which also could suggest a collaboration of some kind between the two threat entities.
Other fashion retailers including Cartier, Dior, and Louis Vuitton have also been hit in recent months, suggesting a wider crime wave that fits the bill of Scattered Spider’s operations.
However, this is all speculative, as some of these breaches were not disclosed as involving a third party and there is currently no concrete evidence that there is any crossover between Scattered Spider and ShinyHunters.
Be the first to hear the latest developments in the cyber industry.
