Chanel has become the latest victim in a series of data breaches targeting Salesforce customers, with the company confirming a security incident that exposed the contact information of a subset of its U.S. clientele. The breach was detected on July 25th after threat actors, identified as the ShinyHunters extortion group, gained unauthorized access to a Chanel database hosted by a third-party service provider. The stolen data included names, email addresses, mailing addresses, and phone numbers of individuals who had contacted the company’s client care center. Chanel has since informed the affected customers, and the company has stated that no other sensitive information was compromised.
The attack on Chanel is part of a wider, ongoing campaign targeting Salesforce customers. The perpetrators, reportedly the ShinyHunters extortion group, have been using sophisticated social engineering techniques, such as vishing (voice phishing), to trick employees into compromising their credentials or authorizing a malicious OAuth app. This method allows them to bypass security measures and gain unauthorized access to the victim company’s Salesforce instance. Once inside, the attackers exfiltrate the company’s database, which they then use as leverage in extortion demands. This pattern has been observed in attacks against other major corporations, indicating a well-orchestrated and focused effort.
Salesforce has responded to these incidents by clarifying that its platform itself has not been compromised. The company maintains that the breaches are not due to any known vulnerabilities in its system but are a result of social engineering attacks that exploit human error. Salesforce emphasized that while it provides robust security measures, customers play a critical role in protecting their data. The company has urged all its users to adopt security best practices, including implementing multi-factor authentication (MFA), enforcing the principle of least privilege, and carefully managing connected applications to mitigate the risk of such attacks.
The ShinyHunters group has a track record of data theft and extortion, and this current wave of attacks follows a similar modus operandi. Although they have successfully exfiltrated data from several high-profile companies, they have not yet publicly leaked any of the stolen information. Instead, they are currently extorting the affected companies directly via email, hoping to secure a ransom payment to prevent the data from being released. This strategy highlights their primary motivation as financial gain rather than public exposure or a political agenda.
The list of companies impacted by this wave of Salesforce data theft attacks is extensive and includes several prominent global brands. In addition to Chanel, the ShinyHunters group has targeted and successfully breached the databases of companies such as Adidas, Qantas, Allianz Life, and various brands under the LVMH umbrella, including Louis Vuitton, Dior, and Tiffany & Co. This widespread targeting of major corporations underscores the significant threat posed by the ShinyHunters group and the effectiveness of their social engineering tactics against even the most security-conscious organizations.