"Workday, a leading provider of HR and financial software, confirmed that a recent social engineering scheme gave attackers entry to a third-party customer relationship management (CRM) platform. The breach did not compromise customer tenant systems or their stored data. In a blog post on Friday, Workday said threat actors posed as internal staff through calls and text messages, deceiving some employees into sharing access details. While certain information was exposed, Workday stressed that its core platforms remained unaffected."
"Workday clarified that the stolen records primarily involved general business contact details, such as names, email addresses, and phone numbers - information that could be used in further social engineering scams. Cybersecurity experts warn that even limited data of this kind can provide criminals with material for phishing or voice-based scams aimed at employees or customers. According to BleepingComputer, which reviewed customer notifications, Workday detected the breach on Aug. 6."
Workday confirmed that a social engineering campaign allowed attackers to access a third-party CRM platform without compromising customer tenants or their stored data. Threat actors posed as internal staff via calls and text messages to deceive employees into sharing access details. The exposed records primarily included business contact details such as names, email addresses, and phone numbers, which could be leveraged for phishing or voice-based scams. Workday detected the incident on Aug. 6 and has not disclosed the number of affected individuals or businesses. Security researchers linked the pattern to a ShinyHunters campaign that targets CRM systems by tricking employees into granting malicious app access.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]