Ethical Hacking News
HR giant Workday has disclosed a data breach after a recent social engineering attack on one of its third-party CRM platforms, exposing business contact information for over 11,000 organizations. The breach is linked to the ShinyHunters extortion group and highlights the ongoing threat of social engineering attacks against large corporations.
Workday suffered a significant data breach due to a social engineering attack on one of its third-party CRM platforms. The breach compromised sensitive business contact information of over 11,000 organizations across various industries. The attackers targeted Workday in a social engineering campaign, gaining access to some company information but not customer tenants. The attackers attempted to trick employees into revealing account access or personal info via text or phone, using psychological manipulation. The breach is linked to the ShinyHunters extortion group, which targets Salesforce CRM instances through social engineering and voice phishing attacks. A significant portion of the Fortune 500 companies have been targeted by this specific type of attack.
On Friday, August 18, 2025, HR giant Workday disclosed a significant data breach that resulted from a recent social engineering attack against one of its third-party customer relationship management (CRM) platforms. The attackers managed to gain access to some of the information stored on the compromised CRM systems, compromising the sensitive business contact information of over 11,000 organizations across various industries.
According to Workday's official blog post, the company had been targeted in a social engineering campaign that targeted many large organizations, including itself. The threat actors successfully gained access to some of the information stored on the third-party CRM platform, but fortunately, no customer tenants were impacted. However, some business contact information was exposed, which could be used by malicious actors for future attacks.
The attackers had attempted to trick employees of Workday into revealing account access or personal information via text or phone, pretending to be from Human Resources or IT departments. This tactic is a classic example of social engineering, where the attackers use psychological manipulation to deceive victims into divulging sensitive information.
According to BleepingComputer, which has been following the incident, the Workday breach is believed to be part of a larger wave of security breaches linked to the ShinyHunters extortion group. The group targets Salesforce CRM instances through social engineering and voice phishing attacks, tricking employees into linking malicious OAuth apps to their company's Salesforce instances.
Once connected, the attackers use the link to download and steal the companies' databases, with the stolen data later being used to extort the victims via email. This attack pattern has been seen in multiple high-profile cases recently, including Adidas, Qantas, Allianz Life, Louis Vuitton, Dior, Tiffany & Co., Chanel, and Google.
The breach is particularly alarming given that Workday's customer list comprises over 60% of the Fortune 500 companies. This means that a significant portion of the world's largest and most influential organizations has been targeted by this specific type of attack.
In response to the incident, Workday has assured its customers that there is no indication of access to customer tenants or the data within them. However, some business contact information was exposed in the breach, including names, email addresses, and phone numbers, which could be used for future social engineering scams.
The breach highlights the importance of robust cybersecurity measures, especially for organizations that handle sensitive business contact information. It also emphasizes the need for employees to remain vigilant against social engineering tactics and to never reveal sensitive information without proper verification.
In conclusion, the Workday data breach is a significant reminder of the ongoing threat landscape in the world of cybersecurity. As more and more high-profile attacks are reported, it becomes increasingly clear that organizations must take proactive steps to protect themselves against these types of threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Workday-Discloses-Data-Breach-Following-Salesforce-Attack-Exposing-Business-Contact-Information-ehn.shtml
https://www.bleepingcomputer.com/news/security/hr-giant-workday-discloses-data-breach-amid-salesforce-attacks/
https://securityaffairs.com/181271/data-breach/human-resources-firm-workday-disclosed-a-data-breach.html
https://cybersecuritynews.com/shinyhunters-breaches/
https://thehackernews.com/2025/08/cybercrime-groups-shinyhunters.html
https://en.wikipedia.org/wiki/ShinyHunters
Published: Mon Aug 18 05:26:25 2025 by llama3.2 3B Q4_K_M
