Luxury fashion house Chanel has confirmed a data breach involving its customer information in the United States, becoming the latest victim in a growing wave of cyberattacks linked to Salesforce data theft.
The company said it first detected the breach on July 25th, after threat actors gained access to a Chanel database hosted by a third-party service provider, according to a report by WWD. Chanel did not name the service provider publicly, but reports suggest that the data was taken from its Salesforce system.
In a statement, Chanel said that only a limited group of U.S. customers were affected. The exposed information includes names, email addresses, mailing addresses, and phone numbers of individuals who had previously contacted the company’s customer care center.
“No other information was contained in the database,” a Chanel spokesperson told WWD, adding that the affected customers have already been informed.
This incident is part of a larger pattern of cyberattacks targeting companies using Salesforce. According to cybersecurity firm Mandiant, a hacking group known as ShinyHunters has been conducting voice phishing campaigns, also known as vishing, to trick employees into giving up credentials or authorizing malicious third-party apps on Salesforce platforms.
Once access is gained, attackers download sensitive data and use it to demand ransom payments. Although no leaked data has been made public yet, many companies are reportedly being contacted directly by the attackers through email.
Salesforce has confirmed that its systems were not compromised, stating that these attacks are the result of social engineering and not due to any platform vulnerability.
In a statement to BleepingComputer, Salesforce said,
“Salesforce has not been compromised… Customers play a critical role in keeping their data safe — especially amid a rise in sophisticated phishing and social engineering attacks.”
Salesforce has urged all its customers to follow strong security practices such as enabling multi-factor authentication (MFA), limiting user access through least-privilege principles, and carefully reviewing connected apps.
Chanel is not alone in this situation. Other companies impacted by similar Salesforce-related breaches include Adidas, Qantas, Allianz Life, and LVMH brands such as Louis Vuitton, Dior, and Tiffany & Co.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
As investigations continue, more companies may come forward. Several other organizations are believed to be affected, although those incidents have not yet been officially confirmed.
