Stellantis customer data breach: Difference between revisions

← Older edit Newer edit →

VisualWikitext

@@ Line 10: / Line 10: @@
 ==Customer Data Breach==
-On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web |date=2025-09-21 |title=Third-Party Platform Data Incident |url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |url-status=live |archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |archive-date=2025-09-23 |access-date=2025-09-28 |website=Stellantis North America}}</ref> They did not reveal how many customers were impacted, only that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, claiming to have stolen over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web |last=Gatlan |first=Sergiu |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |url-status=live |archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |archive-date=2025-09-24 |access-date=2025-09-28 |website=Bleeping Computer}}</ref>
+On September 21, 2025, Stellantis North America reported the data breach on their website.<ref name=":0">{{Cite web |date=2025-09-21 |title=Third-Party Platform Data Incident |url=https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |url-status=live |archive-url=https://web.archive.org/web/20250923153055/https://media.stellantisnorthamerica.com/newsrelease.do?id=27079 |archive-date=2025-09-23 |access-date=2025-09-28 |website=Stellantis North America}}</ref> They stated that the data was limited to contact information and that the breach did not involve any financial or sensitive personal information. They did not include an estimate of impacted customers. Bleeping Computer reported that extortion group ShinyHunters took credit for the breach, stating that they stole over 18 million Salesforce records pertaining to contact information.<ref name=":1">{{Cite web |last=Gatlan |first=Sergiu |date=2025-09-22 |title=Automaker giant Stellantis confirms data breach after Salesforce hack |url=https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |url-status=live |archive-url=https://web.archive.org/web/20250924065416/https://www.bleepingcomputer.com/news/security/automaker-giant-stellantis-confirms-data-breach-after-salesforce-hack/ |archive-date=2025-09-24 |access-date=2025-09-28 |website=Bleeping Computer}}</ref>
 ==Company Response==
@@ Line 18: / Line 18: @@
 ==Background==
-The ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as Google, Cisco, and Workday.<ref name=":1" /> They did not reveal to Bleeping Computer the method used to gain access in this incident, however, their recent tactics in similar attacks included social engineering<ref>{{Cite web |last=Toulas |first=Bill |date=2025-06-04 |title=Google: Hackers target Salesforce accounts in data extortion attacks |url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |url-status=live |archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |archive-date=2025-09-19 |access-date=2025-09-29 |website=Bleeping Computer}}</ref> and stolen OAuth tokens that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web |last=Abrams |first=Lawrence |date=2025-08-28 |title=Google warns Salesloft breach impacted some Workspace accounts |url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |url-status=live |archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |archive-date=2025-09-12 |access-date=2025-09-29 |website=Bleeping Computer}}</ref>
+The Bleeping Computer reports that the ShinyHunters group accessed Stellantis data as part of a larger effort targeted at Salesforce, which included data stolen from many other large companies in 2025, such as [[Google]], [[Cisco Systems, Inc.]], and Workday.<ref name=":1" /> The group did not reveal to Bleeping Computer the methods used to gain access in this incident, however, their tactics in the similar attacks on Salesforce included social engineering<ref>{{Cite web |last=Toulas |first=Bill |date=2025-06-04 |title=Google: Hackers target Salesforce accounts in data extortion attacks |url=https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |url-status=live |archive-url=https://web.archive.org/web/20250919162222/https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ |archive-date=2025-09-19 |access-date=2025-09-29 |website=Bleeping Computer}}</ref> and stolen credentials that allowed access through the Salesloft Drift AI chat integration with Salesforce.<ref>{{Cite web |last=Abrams |first=Lawrence |date=2025-08-28 |title=Google warns Salesloft breach impacted some Workspace accounts |url=https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |url-status=live |archive-url=https://web.archive.org/web/20250912100941/https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/ |archive-date=2025-09-12 |access-date=2025-09-29 |website=Bleeping Computer}}</ref>
 ==See Also==