Latest news with #Salesforce-hosted
Time of India
a day ago
- Business
- Time of India
HR software maker Workday confirms breach; hackers may have stolen personal data, company says: ‘We recently identified…'
Image credit: Workday Workday, a major provider of human resources technology, has confirmed a data breach that resulted in the theft of personal information from one of its third-party databases. In a blog post, the company announced that hackers stole an unspecified amount of data, primarily consisting of contact information such as names, email addresses, and phone numbers. The breach was part of a "social engineering campaign" that targeted several large organisations. Workday explained that in this campaign, threat actors contacted employees via text or phone, posing as HR or IT staff, to trick them into giving up account access or personal information. What Workday said about the data breach In its blog post, Workday wrote: 'We recently identified that Workday had been targeted and threat actors were able to access some information from our third-party CRM platform. There is no indication of access to customer tenants or the data within them. We acted quickly to cut the access and have added extra safeguards to protect against similar incidents in the future.' However, the company did not explicitly rule out the possibility that customer information was compromised, as corporate clients typically store most of their HR records and employees' personal information with Workday. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Passive Income Ideas Sitting at Home Mone Click Here Undo Workday, which serves more than 11,000 corporate clients and at least 70 million users globally, reportedly detected it earlier this month. The company also did not clarify whether it has the technical capabilities, such as access logs, to confirm if any customer data was stolen. While the company did not disclose the name of the third-party customer database platform involved, the incident comes amid a wave of cyberattacks targeting Salesforce-hosted databases used by major corporations. In recent weeks, Google, Cisco, Qantas, and Pandora have all suffered data theft from their Salesforce systems. Google attributed these breaches to ShinyHunters, a hacking group known for using voice phishing to trick employees into granting access to cloud databases. The company added that ShinyHunters was likely preparing a data leak site to pressure victims into paying for data deletion, a tactic similar to ransomware operations. Redmi 15 5G Unboxing and First Look: What's New and Key Specifications
Business Insider
2 days ago
- Business
- Business Insider
Workday (WDAY) Gets Hit with a Data Breach
Workday (WDAY), a major player in human resources technology, confirmed that it experienced a data breach involving one of its third-party customer relationship platforms. In a recent blog post, the company revealed that hackers accessed personal data—mainly names, phone numbers, and email addresses—that were stored in the affected system. While the exact amount of information stolen hasn't been disclosed, the breach did not appear to impact the core HR systems used by customers to manage sensitive employee data. Elevate Your Investing Strategy: Take advantage of TipRanks Premium at 50% off! Unlock powerful investing tools, advanced data, and expert analyst insights to help you invest with confidence. Although Workday stated there was no evidence that its customer environments were accessed, it didn't completely rule out the possibility. Nevertheless, the company warned that the stolen information could be used for social engineering scams, where attackers trick individuals into handing over even more sensitive data. The breach is particularly concerning due to Workday's huge customer base, which includes over 11,000 businesses and more than 70 million users. The incident was first reported on August 6, according to Bleeping Computer. Interestingly, Workday didn't name the third-party platform that was compromised, but the incident follows a string of similar attacks on Salesforce-hosted (CRM) databases. Recently, companies like Google (GOOGL) and Cisco (CSCO) have also experienced breaches tied to Salesforce systems. Google believes that the group behind these attacks is ShinyHunters, known for using voice phishing to gain access to corporate cloud data. As of now, Workday has not answered key questions about the breach, including how many people were affected or whose data was taken. Is WDAY Stock a Good Buy? Turning to Wall Street, analysts have a Moderate Buy consensus rating on WDAY stock based on 22 Buys, eight Holds, and one Sell assigned in the past three months, as indicated by the graphic below. Furthermore, the average WDAY price target of $290.25 per share implies 26.2% upside potential.
Mint
2 days ago
- Business
- Mint
Data breach alert: Workday confirms personal data stolen; hackers could access names, emails, and phone numbers
Workday, a major provider of human resources technology, has confirmed a data breach that resulted in the theft of personal information from one of its third-party customer relationship databases. In a blog post published on Friday, the company revealed that hackers accessed an unspecified volume of data, primarily comprising contact details such as names, email addresses, and phone numbers. Workday did not confirm whether any corporate customer information was affected, stating only that there was 'no indication of access to customer tenants or the data within them.' These tenants are typically used by clients to store the bulk of human resources files and employees' personal information. The company warned that the stolen information could be exploited in social engineering attacks, in which cybercriminals manipulate or threaten victims to gain access to sensitive data. According to a TechCrunch report, Workday serves more than 11,000 corporate customers and supports at least 70 million users globally. According to Bleeping Computer, the breach was detected on 6 August. Reportedly, the firm did not disclose the name of the compromised third-party database, but the incident comes amid a series of attacks targeting Salesforce-hosted databases. Recent victims include Google, Cisco, airline Qantas, and jewellery retailer Pandora, all of which suffered data theft from their cloud-based systems. Google confirmed that one of its Salesforce systems used for storing small and medium business contact data was briefly compromised by a cybercriminal group known as UNC6040, which uses voice phishing or 'vishing', to trick employees into handing over access to sensitive tools. The attackers used a social engineering technique, where they impersonated IT support staff during phone calls, convincing employees to authorise malicious software connected to their Salesforce environment. This allowed the group to access and extract basic business contact details, most of which, Google says, were already publicly available, before the breach was detected and stopped. Notably, the group behind the attack, UNC6040, is known for targeting Salesforce platforms by abusing tools like the 'Data Loader' app, a legitimate application that allows bulk data handling. In many cases, the hackers use fake versions of this app with misleading names, such as 'My Ticket Portal,' to avoid detection during the phishing calls.
