More than 19,300 individuals are employed at Workplace across North America, EMEA and APJ. The client list contains more than 11,000 companies across a range of sectors, including almost two-thirds of the Fortune 500 companies. According to the organization's on the incident, Workday was targeted by a social engineering campaign. The post stated, "In this campaign, threat actors contact employees by text or phone pretending to be from human resources or IT. Their goal is to trick employees into giving up account access or their personal information."
Sensitive secrets required for this access are often stored in an insecure manner by default," Schwake said. "This situation presents a key API security challenge for security teams, and with services like ChatGPT heavily depending on APIs to access and handle user data, this poses an even greater risk.