Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Major HR platform Workday has disclosed a data breach after threat actors accessed a third-party CRM platform.
Workday is a leading HR platform used by over 11,000 organisations worldwide, including over 60 per cent of the Fortune 500. It has over 19,300 employees across North America, Asia-Pacific and Japan (APJ), and Europe, the Middle East and Africa (EMEA).
In a blog post from last week, Workday revealed that threat actors had used social engineering techniques to breach a Workday-controlled instance of a third-party CRM, resulting in data being exfiltrated.
“We want to let you know about a recent social engineering campaign targeting many large organisations, including Workday,” said Workday.
“We recently identified that Workday had been targeted, and threat actors were able to access some information from our third-party CRM platform. There is no indication of access to customer tenants or the data within them.”
However, Workday said that some customer data and business contact information were exfiltrated, but that they were all mostly publicly available.
Data reportedly included names, phone numbers and email addresses, all of which Workday warned could be used in future social engineering attacks.
According to a customer notification seen by BleepingComputer, the data breach reportedly occurred on 6 August and that the threat actors used text messages and phone calls impersonating HR and IT staff to contact employees and get account access and personal data.
BleepingComputer also determined that the third-party organisation in question was Salesforce, linking the attack to the wave of cyber attacks performed by the ShinyHunters threat group, potentially even the new Scattered Lapsus$ Hunters hacking supergroup.
BleepingComputer said that ShinyHunters confirmed with the publication that it is privately contacting these companies for ransom payments and that it will mass publish or sell the data of all companies that don’t comply, something the group has done before during their Snowflake cyber campaign.
The group that has launched a number of these Salesforce data breaches, with victims including Allianz Life, Qantas, Chanel, Pandora, Google, and adidas.
Salesforce said the company itself had not been compromised, but rather that threat actors are using social engineering techniques to breach individual instances of Salesforce.
“Salesforce has not been compromised, and the issues described are not due to any known vulnerability in our platform. While Salesforce builds enterprise-grade security into everything we do, customers also play a critical role in keeping their data safe – especially amid a rise in sophisticated phishing and social engineering attacks,” Salesforce told BleepingComputer.
“We continue to encourage all customers to follow security best practices, including enabling multifactor authentication, enforcing the principle of least privilege and carefully managing connected applications.”
Be the first to hear the latest developments in the cyber industry.
