Workday Targeted in Phishing Scheme

Workday has confirmed it was among the targets of a broad social engineering campaign affecting numerous large companies.

While not officially confirmed, the incident is believed to be linked to the “ShinyHunters” extortion group, which targets Salesforce CRM instances through social engineering and voice phishing attacks. In this scheme, attackers contact employees through text messages or phone calls, pretending to be from the HR or IT department. The goal is to trick employees into giving up their login information. While the attackers were able to access some information from one of Workday’s third-party CRM systems, believed to be Salesforce, the company has assured its customers that their own systems and data were not affected.

The compromised information was limited to publicly available business contact details like names, email addresses, and phone numbers, which the attackers may use for further scams. Workday is not alone; other high-profile companies like Adidas, Qantas, Allianz Life, Louis Vuitton, Dior, Tiffany & Co., Chanel, and Google have also been breached in this campaign. The attacks, which may have started at the beginning of the year, involve tricking employees into linking a malicious app to their company’s Salesforce account. Workday acted quickly to cut off the threat actor’s access and has put additional security measures in place. The company reminds users that it never asks for passwords or other secure information over the phone, and all official requests will come through established support channels.

Source: https://blog.workday.com/en-us/protecting-you-from-social-engineering-campaigns-update-from-workday.html
