Pandora hit by data breach in Salesforce cyberattack wave
▼ Summary
– Pandora disclosed a data breach where customer names, birthdates, and email addresses were stolen from its Salesforce database.
– The breach occurred due to social engineering and phishing attacks targeting employees to gain unauthorized Salesforce access.
– Threat actors, including ShinyHunters, are extorting companies by threatening to leak stolen data if ransoms aren’t paid.
– Salesforce confirmed its platform wasn’t compromised but urged customers to enhance security measures like enabling MFA.
– Other affected companies include Adidas, Qantas, Allianz Life, and LVMH subsidiaries like Louis Vuitton and Dior.
Danish jewelry powerhouse Pandora has confirmed a security incident affecting customer data, becoming the latest victim in a widespread campaign targeting Salesforce platforms. The breach exposed personal information but did not compromise sensitive financial details or account credentials.
With over 2,700 stores globally and a workforce exceeding 37,000, Pandora ranks among the world’s most recognizable jewelry brands. In notifications sent to affected customers, the company stated that unauthorized access occurred through a third-party service provider, though the intrusion was quickly contained. “We’ve taken immediate action to halt the breach and implemented additional security safeguards,” the message assured recipients.
According to initial reports, the stolen data was limited to names, email addresses, and birthdates, critical details that could still fuel phishing attempts. Fortunately, no payment information, government IDs, or passwords were accessed. While Pandora hasn’t publicly named the compromised vendor, sources indicate the attackers infiltrated the company’s Salesforce environment, a common target in recent months.
Security researchers have tracked these attacks since early 2025, linking them to sophisticated social engineering schemes. Cybercriminals impersonate employees or IT support staff to trick organizations into granting access to Salesforce accounts. Once inside, they exfiltrate entire databases, later demanding ransom payments under threats of public data leaks.
The group behind these breaches, identified as ShinyHunters, has a history of extorting major corporations. They’ve warned that companies refusing to pay will face mass data dumps, mirroring tactics used in earlier attacks against Snowflake customers. Security teams urge businesses to review Salesforce security guidelines, emphasizing multi-factor authentication (MFA) and strict access controls.
Salesforce maintains that its platform remains secure, attributing the breaches to customer-side vulnerabilities. “These incidents stem from phishing, not flaws in our systems,” a spokesperson clarified. “We strongly recommend enabling MFA, restricting app permissions, and training staff to recognize social engineering.”
Beyond Pandora, high-profile victims include Adidas, Qantas, and luxury brands under LVMH like Louis Vuitton and Tiffany & Co. Industry experts suspect numerous other breaches remain unreported as attackers continue refining their methods. Companies relying on cloud-based CRM systems are advised to audit their security configurations and monitor for suspicious activity.
As cyber threats evolve, proactive defense measures become non-negotiable. Organizations must balance robust technology with employee awareness to mitigate risks in an increasingly targeted digital landscape.
(Source: BLEEPING COMPUTER)
