Check this article from cyberdaily.au regarding a reported third-party breach. This one is from Danish jewelry brand Pandora.
“The company said that impacted data includes names, birthdates and email addresses, but that financial information, government identifiers and passwords were not accessed by the threat actors.”
So who was the third party? BleepingComputer has that part of the story:
“While Pandora has not shared the name of the third-party platform, BleepingComputer has learned that the data was stolen from the company’s Salesforce database.”
Not that it’s necessarily Salesforce’s fault. Access could have been granted by a Pandora employee as part of a social engineering attack.
All Salesforce users should read “Protect Your Salesforce Environment from Social Engineering Threats.”
It’s not just a technical issue, but also a business process issue.
Or a user education issue.
Bredemarket can help firms educate their users. Talk to me.
Bredemarket 