Workday, a big business software company, was recently affected by a data breach. The company said this happened because of a social engineering attack aimed at many large organizations.
Workday found that attackers got into some information on its third-party customer relationship management (CRM) platform. But Workday stated that customer accounts and their data were not accessed. The company quickly stopped the access and added more security measures.
The hacked data was mainly business contact details. This includes names, email addresses, and phone numbers. Workday warned that attackers might use this information for new social engineering scams. The company reminded everyone that it will never ask for passwords or other private details directly.
This attack looks a lot like others carried out by a hacking group called ShinyHunters. ShinyHunters often use social engineering to penetrated their targets, the calls employees, pretending to be from IT or HR. They then trick people into downloading a harmful app or giving up their login details. This lets the attackers get into company databases, often Salesforce, to steal data and then ask for money.
Many other well-known companies have been hit in similar ways. Other big names like LVMH, Chanel, Adidas, Qantas, Google, and Air France-KLM were hit by the same tactics. There are also signs that financial companies could be next targets.
ShinyHunters is also linked to the Scattered Spider group. That group is known for ransomware attacks against UK retailers earlier this year.
This incident shows how important it is for companies and people to be careful. Always be wary of calls or messages asking for sensitive information, even if they seem to come from a trusted source.
