""Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation," the company said."
""Importantly, the affected platform does not store financial or sensitive personal information, and none was accessed," the automaker says."
""They targeted third-party integrations and tokens that open doors across entire enterprise systems. Once a group like ShinyHunters finds a foothold that works, they run it at scale until someone forces them to stop. This is part of a systemic pattern we're seeing across Salesforce environments," Sharma said."
""The big concern here is that the trust we hand off between SaaS platforms, identity providers, and even security tools has become the real attack surface. Defending against that means testing how that trust could be abused and cutting off the paths before attackers get there," Sharma added."
Stellantis disclosed a data breach tied to a third-party service used in North American operations and activated incident response procedures upon discovery. The breach compromised contact information for North American customers, and affected individuals are being notified directly. The company stated that the impacted platform does not store financial or sensitive personal information and that none was accessed. Customers were urged to watch for phishing attempts and unsolicited communications asking for personal data. Security professionals link the incident to a broader campaign targeting third-party integrations and tokens, citing risks across Salesforce environments and the wider SaaS trust model.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]