Stellantis has confirmed that attackers gained access to some of its North American customers’ data after breaching a third-party service provider’s platform.

The company said the compromised system was not used to store financial or highly sensitive personal details, but customer contact information was exposed.

In a statement published over the weekend, Stellantis explained: “We recently detected unauthorized access to a third-party service provider’s platform that supports our North American customer service operations. Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers.” The company also warned customers to be alert for phishing attempts and to avoid clicking on suspicious links or sharing personal data when receiving unexpected messages.

While Stellantis did not disclose further details, BleepingComputer reported that the attack is part of a broader wave of Salesforce-related breaches linked to the ShinyHunters extortion group. The hackers claimed responsibility for stealing over 18 million Salesforce records, including names and contact details, from Stellantis’ Salesforce instance.

ShinyHunters has been active throughout 2025, targeting Salesforce customers through voice phishing campaigns and exploiting stolen OAuth tokens tied to Salesloft’s Drift AI chat integration. This technique has allegedly allowed them to steal sensitive information like passwords, AWS keys, and Snowflake tokens. High-profile companies reportedly affected by the campaign include Google, Cisco, Adidas, Qantas, Farmers Insurance, and luxury brands under LVMH such as Dior, Louis Vuitton, and Tiffany & Co.


Last week, the FBI issued a Flash alert warning organizations about attackers breaching Salesforce environments to steal data and extort victims. The agency shared indicators of compromise (IOCs) related to these attacks and urged companies to strengthen defenses against ongoing threats.

