Incident

Pandora Jewelry confirms data breach caused by third-party platform attack



Pandora, the Danish global jewelry brand, has confirmed that it suffered a data breach. 

The cause of the attack is a social engineering campaign targeting the company's third-party service provider. While Pandora has not shared the name of the third-party platform, BleepingComputer has learned that the data was stolen from the company's Salesforce database. 

This breach is part of an ongoing wave of attacks against major global companies using Salesforce instances, in which threat actors have been conducting social engineering and phishing campaigns targeting companies' employees and help desks, designed to steal Salesforce credentials or trick employees into authorizing a malicious OAuth application to their Salesforce account.

The attackers impersonated IT support staff in phone calls to targeted employees, attempting to persuade them to visit Salesforce's connected app setup page, where they were instructed to enter a "connection code" that linked a malicious OAuth application to the target's Salesforce environment. The threat actors have been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances.
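The technique above leaves a footprint defenders can look for: a connected app that nobody on the security team approved, suddenly authorized by one or more users in a short span. The following is an added example, not code from the article, Pandora or Salesforce; it runs a simple allowlist and clustering check over constructed records whose field names are assumed to mirror Salesforce's `OauthToken` object (`AppName`, `UserId`, `CreatedDate`, `UseCount`), such as you might export with a SOQL query.

```python
from datetime import datetime, timedelta

# Constructed sample rows, shaped like records from the Salesforce OauthToken
# object (assumed field names; no real org data). Two users authorized the same
# unknown app within minutes of each other, which is the pattern a vishing
# campaign against several employees would produce.
SAMPLE_TOKENS = [
    {"AppName": "Salesforce for iOS", "UserId": "005A1",
     "CreatedDate": "2025-07-28T09:12:00Z", "UseCount": 140},
    {"AppName": "Data Loader", "UserId": "005A2",
     "CreatedDate": "2025-07-29T14:03:00Z", "UseCount": 12},
    {"AppName": "My Ticket Portal", "UserId": "005A3",
     "CreatedDate": "2025-08-01T16:41:00Z", "UseCount": 3},
    {"AppName": "My Ticket Portal", "UserId": "005A4",
     "CreatedDate": "2025-08-01T16:47:00Z", "UseCount": 1},
]

# Apps the security team has reviewed and approved (constructed allowlist).
APPROVED_APPS = {"Salesforce for iOS", "Data Loader"}


def parse_ts(value: str) -> datetime:
    """Parse the ISO-8601 UTC timestamp format used in the sample rows."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_unapproved_connected_apps(tokens, approved, window=timedelta(hours=24)):
    """Return one finding per token whose app is not on the allowlist.

    Each finding records how many *other* users authorized the same app
    within `window` of this token's creation; a value above zero means the
    authorization was not an isolated event and deserves a closer look.
    """
    by_app = {}
    for tok in tokens:
        by_app.setdefault(tok["AppName"], []).append(tok)

    findings = []
    for tok in tokens:
        if tok["AppName"] in approved:
            continue
        created = parse_ts(tok["CreatedDate"])
        peers = {
            other["UserId"]
            for other in by_app[tok["AppName"]]
            if other["UserId"] != tok["UserId"]
            and abs(parse_ts(other["CreatedDate"]) - created) <= window
        }
        findings.append({
            "AppName": tok["AppName"],
            "UserId": tok["UserId"],
            "CreatedDate": tok["CreatedDate"],
            "other_users_in_window": len(peers),
        })
    return findings


def summarize_by_app(findings):
    """Collapse findings into {app name: number of distinct users}, which is
    the shape most useful for a triage ticket or dashboard."""
    users_per_app = {}
    for f in findings:
        users_per_app.setdefault(f["AppName"], set()).add(f["UserId"])
    return {app: len(users) for app, users in users_per_app.items()}


if __name__ == "__main__":
    hits = find_unapproved_connected_apps(SAMPLE_TOKENS, APPROVED_APPS)
    for hit in hits:
        print(f"{hit['CreatedDate']} user={hit['UserId']} app={hit['AppName']!r} "
              f"other_users_in_window={hit['other_users_in_window']}")
    print("unapproved apps:", summarize_by_app(hits))
```

The allowlist is the real control here: an org that maintains one, and reviews any app that appears outside it, turns "an employee entered a connection code" into an alert rather than a silent foothold. Revoking the offending tokens and restricting who may authorize connected apps are the follow-up steps in Salesforce's own admin tooling.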

Exposed data types include:

  • Names
  • Email addresses
  • Birthdates
  • Phone numbers

The number of affected individuals is not disclosed.

The company sent out emails to potentially impacted customers confirming the cyberattack, noting that "some customer information was accessed through a third-party platform that we use" and not through infiltration of its core internal systems.
