Workday also appears to have been hit by Salesforce attack

HR giant Workday has also been hit by the wave of Salesforce attacks. At least, that’s how it appears. On Friday, the company confirmed that an “external CRM environment” had been infiltrated via social engineering. Although no customer systems were affected, the stolen information includes company contact details that could potentially be used for further attacks.

Workday warns that attackers are contacting employees by phone or text message, posing as HR or IT staff. The goal is to obtain login credentials or personal information.

The timing of this new incident underscores the ongoing threat of social engineering attacks. Even as technical security becomes increasingly robust, criminals are still able to penetrate business systems by exploiting human weaknesses.

ShinyHunters behind Salesforce wave

Although Workday has not explicitly confirmed this, the incident’s characteristics fit perfectly into a large-scale campaign by the hacker group ShinyHunters. Since the beginning of this year, this group has been carrying out targeted attacks on Salesforce CRM environments of international companies.

Recent victims of this campaign include Google, Chanel, Adidas, Qantas, Allianz Life, Louis Vuitton, Dior, and Tiffany & Co. The attack method remains consistent: criminals use voice phishing to trick employees into linking a malicious OAuth app to their company's Salesforce environment.

Large-scale campaign hits tech giant

On August 6, Workday discovered that attackers had gained access to information in its external CRM platform. The company serves over 11,000 organizations, including more than 60 percent of Fortune 500 companies.

According to Workday, the stolen data mainly contains “generally available business contact information, such as names, email addresses, and phone numbers.” This information can be used by criminals for follow-up attacks via social engineering.

For affected organizations, this calls for increased vigilance against phishing attempts in which the stolen contact information is used to gain the trust of potential victims.