Ethical Hacking News
Workday has confirmed a breach of one of its third-party CRM platforms through social engineering tactics, with attackers gaining access to business contact information. The incident is attributed to ShinyHunters, a notorious cybercrime gang known for its sophisticated social engineering tactics. Despite the breach, Workday's core systems and customer tenants appear to be untouched.
Workday's third-party CRM platform was breached through social engineering tactics. The breach, attributed to ShinyHunters, saw attackers steal business contact information from an unnamed CRM system. The incident highlights the growing threat of social engineering attacks in the business world. ShinyHunters, along with its associates Scattered Spider and Lapsus$, have been linked to a string of high-profile breaches. The attackers' playbook involves targeted phone calls or emails posing as IT or HR staff, followed by malicious OAuth apps.
Workday, a leading provider of human capital management (HCM) solutions, has confirmed that one of its third-party CRM platforms was breached through social engineering tactics. The incident, which occurred in late July 2025, saw attackers gain access to an unnamed CRM system by posing as HR or IT staff and stealing business contact information, including names, email addresses, and phone numbers.
The breach is attributed to ShinyHunters, a notorious cybercrime gang known for its sophisticated social engineering tactics and brazen extortion schemes. According to Bleeping Computer, Workday discovered the compromise almost two weeks ago, on July 22, 2025. The company has since notified affected customers and added extra safeguards to protect against similar incidents in the future.
While Workday's core systems and customer tenants appear to be untouched, the incident highlights the growing threat of social engineering attacks in the business world. ShinyHunters, along with its associates Scattered Spider and Lapsus$, have been linked to a string of high-profile breaches, including those targeting Salesforce, Adidas, Qantas, Dior, Tiffany & Co, Chanel, Cisco, Google, and Allianz Life.
The attackers' playbook is centered around social engineering, involving targeted phone calls or emails that pose as IT or HR staff, followed by the insertion of malicious OAuth apps to quietly drain cloud systems. Victims are often left reeling from the breach, with little recourse to recover their stolen data.
Workday's response to the breach has been swift and decisive. The company has assured customers that there is "no indication" that customer data stored inside Workday's flagship SaaS apps was compromised. However, the incident serves as a stark reminder of the importance of security awareness and vigilance in today's cyber-literate business landscape.
As cybersecurity threats continue to evolve and intensify, companies must prioritize proactive measures to safeguard their systems and protect against social engineering attacks. By staying vigilant and taking swift action, organizations can minimize the risk of breaches like the one suffered by Workday and ensure that their customers' data remains secure.
In a world where cybercrime cartels are increasingly targeting businesses, it is imperative for companies to take proactive steps to safeguard their systems. By acknowledging the threat posed by ShinyHunters and its associates, organizations can begin to implement effective countermeasures to prevent similar breaches in the future.
In conclusion, Workday's CRM breach serves as a stark reminder of the growing threat of social engineering attacks in the business world. As companies continue to navigate the ever-evolving landscape of cybersecurity threats, it is essential that they prioritize proactive measures to safeguard their systems and protect against such attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Social-Engineering-Heist-Workdays-CRM-Breach-and-the-Rise-of-ShinyHunters-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/08/18/workday_crm_breach/
https://www.theregister.com/2025/08/18/workday_crm_breach/
https://www.bleepingcomputer.com/news/security/hr-giant-workday-discloses-data-breach-amid-salesforce-attacks/
https://en.wikipedia.org/wiki/ShinyHunters
https://thehackernews.com/2025/08/cybercrime-groups-shinyhunters.html
https://en.wikipedia.org/wiki/Scattered_Spider
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
Published: Mon Aug 18 12:25:04 2025 by llama3.2 3B Q4_K_M
