
Chanel & Pandora Hacked in Ongoing Salesforce Cyberattack

Summary

– Chanel and Pandora disclosed data breaches involving their Salesforce accounts, with customer contact information accessed by unauthorized parties.
– Pandora confirmed names, birthdates, and emails were exposed, while Chanel reported names, email/home addresses, and phone numbers were compromised.
– Experts warn that even basic data like emails and birthdates can enable phishing, credential stuffing, and synthetic identity fraud.
– The ShinyHunters group is suspected in the attacks, using social engineering to steal Salesforce credentials and MFA tokens.
– Cybersecurity experts recommend stricter access controls, employee training, and monitoring to prevent similar breaches.

Luxury brands Chanel and Pandora have confirmed data breaches affecting customer information, with evidence pointing to compromised Salesforce accounts as the entry point for cybercriminals. The incidents highlight growing concerns around third-party platform vulnerabilities in retail security ecosystems.

Pandora recently began alerting customers after discovering unauthorized access to personal data stored on a third-party system. According to notifications shared online, the breach exposed names, email addresses, and birthdates, though the company emphasized that no financial details or passwords were compromised. Security teams quickly contained the intrusion and implemented additional safeguards.

Despite the limited scope, cybersecurity experts warn that even basic personal information can fuel targeted phishing campaigns, credential stuffing attacks, and identity fraud. “Threat actors don’t need banking details to cause harm; names and emails provide enough leverage for sophisticated social engineering,” noted Mark Weir of Check Point Software. He added that third-party integrations often lack sufficient monitoring, leaving gaps that criminals exploit.

Chanel separately disclosed a similar incident affecting U.S. customers, where hackers accessed a database hosted by an external provider. The stolen data included names, contact details, and physical addresses. The fashion house assured clients that its internal systems remained untouched, with no malware detected during the breach.

Investigators suspect the notorious ShinyHunters group (UNC6040) may be behind these attacks, part of a broader campaign targeting corporate Salesforce environments. Google Threat Intelligence first exposed the group’s tactics in June, revealing their use of voice phishing (vishing) to trick employees into surrendering login credentials. Posing as IT support, attackers convince victims to approve malicious Salesforce Data Loader installations or share multi-factor authentication (MFA) codes.

Recent updates indicate the group has refined its methods, now deploying Python scripts to automate data theft while masking its location through the Tor network. Google also confirmed a brief intrusion into one of its Salesforce instances, though only publicly available business data was accessed. Other high-profile targets linked to ShinyHunters include Adidas, Allianz Life, and Qantas.

Security leaders stress the urgent need for stricter access controls and employee training to counter these threats. Agnidipta Sarkar of ColorTokens advises companies to adopt role-based access policies, microsegmentation for cloud environments, and certificate-based authentication. “Human error remains the weakest link,” he emphasized. “Without proper safeguards, even routine IT requests can become gateways for large-scale breaches.”

As cybercriminals increasingly bypass technical defenses with social engineering, businesses must prioritize both technology upgrades and workforce awareness to protect sensitive customer data.

(Source: InfoSecurity Magazine)
