ShinyHunters Target Chanel in Salesforce Linked Data Breach

The luxury fashion brand Chanel has announced that it suffered a data breach, affecting some of its customers in the United States. Chanel has sent a letter to clients stating that it became aware on July 25 of a security incident involving a US database hosted by a third-party service.

This database, which was part of the company’s Salesforce environment, was accessed by an outside party who obtained client information. A spokesperson for Chanel confirmed the security incident, explaining that an investigation found there was unauthorised access to the database.

“Based on the findings of the investigation, the data obtained by the unauthorised external party contained limited details of a subset of individuals who contacted our client care centre in the US,” the statement reads.

The company claims that no malicious software was used on their systems, and its daily operations were not affected. The breach only exposed limited details, including the names, email addresses, mailing addresses, and phone numbers of people who had contacted the US client care centre. Upon discovering the problem, Chanel promptly activated its security procedures and brought in leading cybersecurity experts to help with the investigation.

BleepingComputer reports that this incident is part of a larger trend of attacks targeting Salesforce users, which has been linked to a group of cybercriminals known as ShinyHunters. Chanel is the latest of several major companies to be hit by these attacks. Other high-profile brands, including Adidas and LVMH brands like Louis Vuitton, Dior, and Tiffany & Co., have also been targeted.

These attackers don’t use traditional hacking methods. Instead, they used social engineering to get what they wanted. Specifically, the criminals have been using a technique called “vishing,” or voice phishing, to trick employees over the phone into giving up their login details or granting access to a harmful application. Once inside, they steal the database and use the information as leverage to demand money.

Salesforce, the company whose platform was targeted, has stated that its systems were not compromised. They explained that the problems are not due to any weaknesses in their technology but rather are the result of these social engineering attacks. Salesforce emphasises that companies must play a critical role in keeping their data safe, especially with the increase in these kinds of sophisticated scams.

“Salesforce is a treasure trove of regulated and privacy-sensitive business processes and data across domains like customer service and beyond,” noted Mr. Piyush Pandey, CEO at Pathlock.”

“This requires a high level of scrutiny into how access controls, monitoring, and third-party integrations are configured and audited. Organisations need to rethink their approaches to access governance in these environments, given these factors, compounded by the sophistication of modern threats,” he advised.