Fixxx
Moder
- Joined
- 20.08.24
- Messages
- 769
- Reaction score
- 2,732
- Points
- 93
Danish jewelry giant Pandora has disclosed a data breach after its customer information was stolen in the ongoing Salesforce data theft attacks. Pandora is one of the largest jewellery brands in the world, with 2,700 locations and over 37,000 employees.
As first reported by Forbes, only customers' names, birthdates, and email addresses were stolen in the attack. Passwords, IDs, and financial information were not exposed.
Since at least January 2025, threat actors have been conducting social engineering and phishing campaigns targeting companies' employees and help desks. These attacks are designed to steal Salesforce credentials or trick employees into authorizing a malicious OAuth application to their Salesforce account. Using this access, the threat actors download and steal the company's Salesforce database, which is then used to extort the company into paying a ransom to prevent the data from being leaked. The threat actor also confirmed that the attacks are ongoing, so all companies should review Salesforce's recommendations on hardening their accounts.
Other companies impacted in these attacks include Adidas, Qantas, Allianz Life, and the LVMH subsidiaries Louis Vuitton, Dior, and Tiffany & Co.
"We are writing to inform you that your contact information was accessed by an unauthorized party through a third-party platform we use," reads a Pandora data breach notification sent to customers. We stopped the access and have further strengthened our security measures."
As first reported by Forbes, only customers' names, birthdates, and email addresses were stolen in the attack. Passwords, IDs, and financial information were not exposed.
*Pandora data breach notification.
Since at least January 2025, threat actors have been conducting social engineering and phishing campaigns targeting companies' employees and help desks. These attacks are designed to steal Salesforce credentials or trick employees into authorizing a malicious OAuth application to their Salesforce account. Using this access, the threat actors download and steal the company's Salesforce database, which is then used to extort the company into paying a ransom to prevent the data from being leaked. The threat actor also confirmed that the attacks are ongoing, so all companies should review Salesforce's recommendations on hardening their accounts.
"Salesforce has not been compromised, and the issues described are not due to any known vulnerability in our platform. While Salesforce builds enterprise-grade security into everything we do, customers also play a critical role in keeping their data safe — especially amid a rise in sophisticated phishing and social engineering attacks," Salesforce told. "We continue to encourage all customers to follow security best practices, including enabling multi-factor authentication (MFA), enforcing the principle of least privilege, and carefully managing connected applications. For more information, please visit: https://www.salesforce.com/blog/protect-against-social-engineering/."
Other companies impacted in these attacks include Adidas, Qantas, Allianz Life, and the LVMH subsidiaries Louis Vuitton, Dior, and Tiffany & Co.