Salesforce data breach affects fashion house Chanel

French fashion house Chanel has been hit by a data breach following a sustained series of attacks targeting Salesforce users.

The data breach was discovered on July 25 after unauthorized third parties gained access to a Chanel database managed by an external service provider. Only customers in the United States have been affected.

The exposed data includes names, email addresses, postal addresses, and phone numbers of people who contacted Chanel’s customer service department in the US. According to the company, no other data was present in the affected database. The company has since informed the customers concerned.

Although Chanel did not provide any further explanation and did not name the external service provider, BleepingComputer reports that the information came from the fashion house’s Salesforce environment. The attack is believed to be the work of the ShinyHunters extortion group, which is responsible for a series of similar attacks on Salesforce customers.

This group uses vishing (voice phishing) to obtain login details or to convince employees to grant a malicious OAuth app access to their organization’s Salesforce environment. Once inside, the attackers exfiltrate data and use it as leverage in extortion attempts.

Salesforce denies vulnerabilities

Salesforce itself stated in response to questions from BleepingComputer that the platform has not been compromised. According to the company, the incidents are the result of social engineering and not vulnerabilities in its technology. Salesforce says customers play a crucial role in securing their data, especially given the increase in sophisticated phishing and social engineering attacks.

The company continues to urge customers to follow best practices, such as using multi-factor authentication, limiting access rights, and carefully managing linked applications.

So far, there is no evidence that stolen data has been made public. However, affected companies are being blackmailed via email. In addition to Chanel, other major brands have fallen victim to similar attacks, including Adidas, Qantas, Allianz Life, and various LVMH brands such as Louis Vuitton, Dior, and Tiffany & Co.

BleepingComputer is aware of other companies that may have been affected, but cannot independently confirm this information at this time.