Automotive manufacturing veteran Salentis has confirmed that the attackers have stolen some data of their North American customers after achieving access to the third-party service provider’s platform.
Stelanis is a multinational corporation formed in 2021 after the merger of PSA Group (Peugeot Société Enonyme) and Fiat Chrisler Automobile (FCA). Stalentis is currently one of the largest motor vehicle companies globally by revenue and by the world’s fifth largest automaker volume.
The company has 14 major automotive brands, including Alpha Romeo, Chrisler, Citroen, Dodge, DS Automobiles, Fiat, Jeep, Lennsia, Masareti, Opel, Pujot, Ram and Vaxhall, and it operates in Europe, North America, South America, South America with operations in 130 countries.
According to a statement published over the weekend, the attackers stole customer contact information only during the breech as the compromised platforms were not used to store financial or other sensitive personal information.
“We recently discovered unauthorized access to the platform of a third-party service provider, which supports our North American customer service,” Stelantis said,
“On search, we immediately activated our event response protocol, initiated a comprehensive investigation, and took quick action to reduce and reduce the situation. We are also informing appropriate officers and directly informed to the affected customers.”
Auto giants advised customers to be cautious with potential fishing efforts and avoid sharing personal information while receiving unexpected emails, texts, or calls.
The bleepingcomputer reached the stalentis with questions about the phenomenon, but a reaction was not available immediately.
Salesforce Data claimed by Breech Shinhetors
Although Salentis did not share much information about this attack, BlappingComper has learned that these sighinhunters are part of the recent wave of Salesforce data violations associated with forcible recovery group, which have affected many high-profile companies.
Earlier today, Shinyhunters claimed responsibility for stalentis data breech and told Bleepingcomputer that they had stolen more than 18 million salesforce records including name and contact details from the company’s salesforce example.
Since the beginning of the year, the forced recovery group has targeted salesforce customers in data theft attacks using voice phishing attacks, such as impressing companies Google, Tiffany & Co,
Shinyhunters also claim that they use stolen Oauth tokens with salesforce for AI chat AI chat AI chat, such as sensitive information, such as passwords, AWS access keys, and snowflake tokens, customers’ examples.
Using this method, he claimed to steal customers’ information from Google, Cloudflare, Zscler, WorthyPalo Alto Network, Cyberk, Neutanix, Qualis, Rubric, Elastic, Beyond, Proof point, Jfrog, Cato networkAnd Too much,
Last week, the FBI released a flash alert -shared IOC discovered during the attacks and warned about the danger actors that they are disturbing the salesforce environment of organizations to steal data and get the victims out. Meanwhile, the forced recovery group told BlappingCopper that they had stolen more than 1.5 billion salesforce records from 760 companies, using the compromised salesloft drift ooutes tokens.
The passwords broke in 46% of the atmosphere, almost doubled by 25% last year.
Picus Blue Report 2025 Now get a wider look at more conclusions on prevention, detection and data exfIs.
