Workday experienced a breach in its external CRM environment, confirmed via social engineering. No customer systems were compromised, but attackers accessed company contact details, heightening risks for further assaults. Employees are targeted through calls or texts posing as HR or IT staff, aiming to extract login credentials. This incident aligns with activities of the ShinyHunters hacker group known for attacking Salesforce environments worldwide. Affected organizations need to prepare for a rise in phishing attempts as a consequence of the leaked information.
Workday confirmed that an 'external CRM environment' had been infiltrated via social engineering. Stolen information includes company contact details for potential further attacks.
The ongoing threat of social engineering attacks is underscored by attackers contacting employees, posing as HR or IT staff to obtain login credentials.
The characteristics of the incident fit into a large-scale campaign by the hacker group ShinyHunters, targeting Salesforce environments of major international companies.
Workday serves over 11,000 organizations, including over 60 percent of Fortune 500 companies, highlighting the significant exposure and potential impact of the breach.
Collection
[
|
...
]