Олександр Кузьменко, Work
8 August 2025, 12:29
Fraudsters pretending to be IT professionals hacked the accounts of Adidas, Dior, and Google employees
Earlier this summer, Google announced that it had uncovered a hacking campaign that had compromised Salesforce customer accounts on a massive scale. It turned out that a number of well-known companies, including Google itself, were among the victims of the attackers. Here is how the scammers' scheme worked.
As Ars Technica reports, the attackers operate in a very simple but effective way: they impersonate an employee of a customer's IT department and simulate some kind of problem that requires immediate access to the account.
The series of hacking attacks is being carried out by attackers who are looking to steal data and sell it for extremely high prices. Instead of exploiting vulnerabilities in software or websites, they simply call the victim and ask for access. This tactic has proven to be extremely successful — among the companies whose Salesforce accounts were compromised in the attack are Adidas, Qantas, Allianz Life, Cisco and LVMH subsidiaries Louis Vuitton, Dior and Tiffany & Co.
How it works
Hackers are exploiting a Salesforce feature that allows customers to connect their accounts to third-party apps that integrate data with internal systems for blogging, mapping tools, and similar resources. The attackers contact employees and instruct them to connect an external app to their Salesforce account. When the employee follows the instructions, the attackers ask them to provide an eight-digit security code that the Salesforce interface requires before connecting. The attackers then use that number to gain access to the account and all the data stored in it.
Google said its Salesforce account was among those hacked. It happened back in June, but Google only announced it this week, likely because the company only recently learned about it.
"Analysis showed that the data was stolen by the attackers over a short period of time before access was interrupted," the company said. The data stolen by the attackers was limited to business information such as company names and contact details, which Google said was already "largely publicly available."
This attack is likely to have affected many companies that have not yet reported it. All Salesforce customers are advised to carefully review their instances to determine which external sources have access to them.
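One way to carry out the review recommended above, shown as an added example that is not part of the original article or of any Salesforce tooling: a script that checks a list of external-app authorizations against an approved list. The export format, column names, app names and allowlist are all assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export. The column names are assumptions for this
# example, not a documented Salesforce report format.
SAMPLE_EXPORT = """app_name,user,authorized_at
Corp Blog Sync,alice@example.com,2025-01-14T09:12:00
Office Map Tool,bob@example.com,2025-03-02T11:40:00
My Ticket Portal,carol@example.com,2025-06-18T15:03:00
Corp Blog Sync,dave@example.com,2025-06-20T10:00:00
"""

# Hypothetical allowlist of integrations the security team has approved.
APPROVED_APPS = {"corp blog sync", "office map tool"}


def audit_connected_apps(export_text, approved, now, recent_days=90):
    """Return authorizations that need human review, most urgent first."""
    cutoff = now - timedelta(days=recent_days)
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        app = row["app_name"].strip()
        authorized = datetime.fromisoformat(row["authorized_at"].strip())
        if app.lower() not in approved:
            # An employee connected an app nobody approved: the pattern
            # the article describes.
            severity, reason = "high", "app is not on the approved list"
        elif authorized >= cutoff:
            # Approved app, but the grant is new: confirm with the user.
            severity, reason = "review", "recent grant for an approved app"
        else:
            continue
        findings.append({
            "app": app,
            "user": row["user"].strip(),
            "authorized_at": authorized,
            "severity": severity,
            "reason": reason,
        })
    findings.sort(key=lambda f: (f["severity"] != "high", f["authorized_at"]))
    return findings


if __name__ == "__main__":
    for f in audit_connected_apps(SAMPLE_EXPORT, APPROVED_APPS, datetime(2025, 8, 8)):
        print(f'{f["severity"]:6} {f["app"]} ({f["user"]}): {f["reason"]}')
```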