Chanel targeted in widespread Salesforce data breach
▼ Summary
– Chanel suffered a data breach on July 25th after threat actors accessed a third-party database, impacting U.S. customers’ contact information.
– The breach exposed limited personal data, including names, email addresses, mailing addresses, and phone numbers of affected clients.
– The attack is part of a wave of Salesforce data-theft incidents by the ShinyHunters group, targeting companies via social engineering.
– Salesforce confirmed its platform was not compromised, attributing breaches to phishing attacks and urging customers to enhance security measures.
– Other major brands like Adidas, Qantas, and LVMH-owned companies have also been impacted by similar Salesforce data thefts.
Luxury fashion house Chanel has confirmed a data breach affecting U.S. customers, marking the latest victim in a string of cyberattacks targeting Salesforce platforms. The incident, discovered on July 25th, involved unauthorized access to a customer service database managed by an external provider, exposing names, email addresses, phone numbers, and mailing details.
According to Chanel’s statement, the compromised information was limited to individuals who had interacted with the brand’s U.S. client care center. The company assured that affected customers have been notified, though it declined to name the third-party service provider involved. Investigations suggest the breach originated from Chanel’s Salesforce environment, part of a broader campaign by the cybercriminal group ShinyHunters.
Security researchers have linked this incident to a surge in social engineering attacks aimed at Salesforce users. Hackers employ vishing (voice phishing) tactics to trick employees into granting access or approving malicious OAuth applications. Once inside, attackers extract sensitive data, using it for extortion rather than public leaks.
Salesforce maintains that its platform remains secure, attributing the breaches to compromised customer accounts rather than system vulnerabilities. The company urges businesses to adopt multi-factor authentication (MFA) and strict access controls to mitigate risks.
Chanel joins high-profile brands like Adidas, Qantas, and LVMH-owned Louis Vuitton and Dior in falling prey to these attacks. While some companies have publicly acknowledged breaches, others remain silent, leaving customers unaware of potential exposure. Cybersecurity experts warn that the trend shows no signs of slowing, emphasizing the need for heightened vigilance across industries.
As of now, no stolen Chanel data has surfaced online, suggesting attackers may be leveraging the information privately for financial gain. The incident underscores the growing sophistication of cybercriminals and the critical role of employee training in thwarting social engineering schemes.
(Source: BLEEPING COMPUTER)
