Workday, one of the largest providers of human resources technology, has confirmed a data breach that allowed hackers to steal personal information from one of its third-party customer relationship databases.
In a blog post published late Friday, the HR technology giant said the hackers stole an unspecified amount of personal information from the database, which Workday said was primarily used to store contact information, such as names, email addresses, and phone numbers.
Workday did not explicitly rule out that customer information was taken in the data breach, stating only that there was “no indication of access to customer tenants or the data within them,” which corporate customers typically use to store the bulk of their human resources files and employees’ personal data.
The company said the stolen information may be used to further social engineering scams, where hackers trick or threaten victims into giving them access to sensitive data.
Workday has more than 11,000 corporate customers, serving at least 70 million users around the world, per the company’s website. Bleeping Computer reports that the hack was discovered on August 6.
Workday did not identify the breached third-party customer database platform, but follows in a recent spate of cyberattacks targeting Salesforce-hosted databases used by large companies to store customer data. In recent weeks, Google, Cisco, airline giant Qantas, and retailer Pandora have all had reams of data stolen from their Salesforce databases.
Google attributed the breaches to ShinyHunters, a group of hackers known for using voice phishing to steal corporate data by tricking company employees into granting them access to their cloud-based databases. Google said ShinyHunters was likely in the process of preparing a data leak site to extort its victims into paying the hackers to delete the data, akin to how ransomware gangs operate.
Connor Spielmaker, a spokesperson for Workday, did not comment beyond Workday’s blog post or answer TechCrunch’s questions, including whether Workday knows how many individuals had data stolen or who the stolen data relates to, such as Workday employees or Workday’s corporate customers. Workday would not say if it has the technical means, such as logs, to determine what customer data was exfiltrated.
As of the time of publication, Workday’s blog post disclosing the breach contained a hidden “noindex” tag in its source code, which instructs search engines to ignore the page, making it difficult for anyone searching the web to find the page.
It’s not clear for what reason Workday is hiding its data breach notification from search engines.
Do you know more about the Workday data breach or attacks targeting Salesforce databases? Have you been notified about a data breach? Securely contact this reporter via encrypted message at zackwhittaker.1337 on Signal.
Updated with a response from Workday.
Source link
