Workday has confirmed a data breach after threat actors gained access to a third-party customer relationship management (CRM) platform.
In a blog post on Friday, the HR tech giant said hackers gained access to sensitive information hosted on the affected CRM system, but insisted no customer tenants – or the data contained within – were accessed.
Information exposed in the breach primarily included contact details such as names, email addresses, and phone numbers, the company revealed.
“We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform,” the company stated in its advisory.
“There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.”
Given the nature of the information exposed in the breach, Workday warned customers to be wary of potential social engineering campaigns in the wake of the incident.
“It’s important to remember that Workday will never contact anyone by phone to request a password or any other secure details,” the firm said. “All official communications from Workday come through our trusted support channels.”
Kevin Marriott, senior manager of cyber and head of SecOps at Immersive, said this is a typical tactic observed in the aftermath of a data breach.
“This information is then used in subsequent social engineering attempts, or combined with other data already collected to make future social engineering attempts even more personalized, using the data captured," he said.
Workday data breach the latest CRM-based incident
While Workday didn’t specifically identify the CRM system affected in the breach, the news comes in the wake of a string of Salesforce-based attacks on enterprises globally.
Threat intelligence research shows that the ShinyHunters threats group has conducted a wide-reaching campaign targeting Salesforce users in recent months.
Companies impacted in the campaign are believed to include Qantas, Allianz Life, Adidas, and several other retail brands worldwide.
Similarly, Google recently confirmed it had been attacked as part of the campaign. The discovery came after threat researchers at the tech giant investigating the ShinyHunters group realized it too had fallen victim.
The social engineering campaign involves duping employees into linking a malicious OAuth app to the target company’s Salesforce instances.
Once access to an impacted database has been achieved, threat actors are then able to access, query, and exfiltrate sensitive information from customer environments, according to Google’s blog post detailing the campaign.
Marriott noted that CRM tools are a popular target for threat actors, largely due to the volume of useful information hosted on these platforms.
“CRM tooling is often a key target for threat actors as they typically store limited, but valuable information that threat actors can either use themselves or sell on, with databases full of information that is useful such as email addresses and other personal information,” he said.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Banking details of 30 million Santander customers exposed during breach
- Nearly one-third of ransomware victims are hit multiple times
- US extradites French ShinyHunters hacker, faces 123 years in prison
-
Google wants to take hackers to courtNews You don't have a package waiting for you, it's a scam – and Google is fighting back
-
Laid off Intel engineer accused of stealing 18,000 files on the way outNews Intel wants the files back, so it's filed a lawsuit claiming $250,000 in damages
-
GitHub is awash with leaked AI company secrets – API keys, tokens, and credentials were all found out in the openNews Wiz research suggests AI leaders need to clean up their act when it comes to secrets leaking
-
When cyber professionals go rogue: A former ‘ransomware negotiator’ has been charged amid claims they attacked and extorted businessesNews The attackers are alleged to have demanded ransoms of up to $10 million
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a yearNews The hackers remained undetected in the Ribbon Communications’ systems for months
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
