Hackers breach HR firm Workday - is it the latest Salesforce CRM attack victim?

News
By published

Third-party CRM was used to target ‘many large organizations’

Secure online access with password and login page to manage personal profile account. Secured connection and data security on internet. Cybersecurity and sign in form. User working on laptop computer.
(Image credit: Shutterstock)
  • Workday has been targeted in a data breach
  • The breach was part of a campaign of social engineering attacks
  • The campaign has also targeted Google, Dior, and Adidas

Popular HR platform Workday has revealed it was been hit by a data breach originating through a social engineering campaign.

“We want to let you know about a recent social engineering campaign targeting many large organizations, including Workday,” the company confirmed in a statement.

“In this campaign, threat actors contact employees by text or phone pretending to be from human resources or IT. Their goal is to trick employees into giving up account access or their personal information.”

Further phishing risks

Fortunately, Workday says so far there has been ‘no indication of access to customer tenants or the data within them’, and the firm has added extra safeguards to mitigate the risk of similar incidents in future.

The statement adds the information the threat actor obtained was ‘primarily commonly available business contact information, like names, email addresses, and phone numbers, potentially to further their social engineering scams.’

It seems that this breach could be part of a wave of security breaches that are targeting Salesforce CRM instances through phishing and social engineering attacks. These attacks have used these tactics to breach Google, Adidas, Dior, and more.

The hackers are likely to have used these phishing attacks to link malicious OAuth apps to the company’s Salesforce instance - then downloading and stealing databases before using the information to extort victims, BleepingComputer reports.

“As this type of breach is technically easier to perform yet still highly effective, we could see even more threat actors adopting these tactics” Senior Manager of Cyber and Head of SecOps at Immersive, Kevin Marriott told TechRadar Pro.

“CRM tooling is often a key target for threat actors as they typically store limited, but valuable information that threat actors can either use themselves or sell on, with databases full of information that is useful such as email addresses and other personal information.

“If this attack is indeed linked to the broader campaign targeting Salesforce instances, it highlights how threat actors such as ShinyHunters are focusing their efforts on SaaS platforms that hold valuable customer data from a variety of organisations.”

Users should make sure they stay vigilant online following the incident, and be skeptical of unsolicited incoming messages, especially those that demand urgent action or threaten with a disaster.

These are, and will continue to be, the biggest red flag in phishing attacks.

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.