- Workday has been targeted in a data breach
- The breach was part of a campaign of social engineering attacks
- The campaign has also targeted Google, Dior, and Adidas
Popular HR platform Workday has revealed it was been hit by a data breach originating through a social engineering campaign.
“We want to let you know about a recent social engineering campaign targeting many large organizations, including Workday,” the company confirmed in a statement.
“In this campaign, threat actors contact employees by text or phone pretending to be from human resources or IT. Their goal is to trick employees into giving up account access or their personal information.”
Further phishing risks
Fortunately, Workday says so far there has been ‘no indication of access to customer tenants or the data within them’, and the firm has added extra safeguards to mitigate the risk of similar incidents in future.
The statement adds the information the threat actor obtained was ‘primarily commonly available business contact information, like names, email addresses, and phone numbers, potentially to further their social engineering scams.’
It seems that this breach could be part of a wave of security breaches that are targeting Salesforce CRM instances through phishing and social engineering attacks. These attacks have used these tactics to breach Google, Adidas, Dior, and more.
The hackers are likely to have used these phishing attacks to link malicious OAuth apps to the company’s Salesforce instance – then downloading and stealing databases before using the information to extort victims, BleepingComputer reports.
“As this type of breach is technically easier to perform yet still highly effective, we could see even more threat actors adopting these tactics” Senior Manager of Cyber and Head of SecOps at Immersive, Kevin Marriott told TechRadar Pro.
“CRM tooling is often a key target for threat actors as they typically store limited, but valuable information that threat actors can either use themselves or sell on, with databases full of information that is useful such as email addresses and other personal information.
“If this attack is indeed linked to the broader campaign targeting Salesforce instances, it highlights how threat actors such as ShinyHunters are focusing their efforts on SaaS platforms that hold valuable customer data from a variety of organisations.”
Users should make sure they stay vigilant online following the incident, and be skeptical of unsolicited incoming messages, especially those that demand urgent action or threaten with a disaster.
These are, and will continue to be, the biggest red flag in phishing attacks.