BleepingComputer reports that major French luxury brand Chanel had U.S. customers' personal contact details exposed following the compromise of a database hosted by a third-party service provider.
Attackers who breached the database were able to pilfer U.S. clients' names, mailing addresses, email addresses, and phone numbers, noted a Chanel spokesperson in a statement to fashion-industry trade journal Women's Wear Daily. Despite the lack of additional information regarding the infiltrated database, such compromise was discovered to have involved a Salesforce instance targeted amid a slew of attacks by the ShinyHunters extortion operation, which were confirmed to have impacted LVMH brands Louis Vuitton, Tiffany & Co., and Dior, as well as Adidas, Allianz Life, and Qantas. ShinyHunters was noted by Mandiant to have targeted Salesforce clients with voice phishing intrusions aimed at infiltrating their instances for further illicit activity. Such compromise was emphasized by Salesforce to involve social engineering and not a direct breach of its platform.
Attackers who breached the database were able to pilfer U.S. clients' names, mailing addresses, email addresses, and phone numbers, noted a Chanel spokesperson in a statement to fashion-industry trade journal Women's Wear Daily. Despite the lack of additional information regarding the infiltrated database, such compromise was discovered to have involved a Salesforce instance targeted amid a slew of attacks by the ShinyHunters extortion operation, which were confirmed to have impacted LVMH brands Louis Vuitton, Tiffany & Co., and Dior, as well as Adidas, Allianz Life, and Qantas. ShinyHunters was noted by Mandiant to have targeted Salesforce clients with voice phishing intrusions aimed at infiltrating their instances for further illicit activity. Such compromise was emphasized by Salesforce to involve social engineering and not a direct breach of its platform.
