Danish jewelery giant Pendora has revealed a data breech when its customer information was stolen in the ongoing salesforce data theft attacks.
Pendora is one of the world’s largest jewelery brands, with more than 2,700 locations and more than 37,000 employees.
“We are writing to inform you that your contact information was used by an unauthorized party through a third-party platform, which we use,” is written in a pendora data breech notification sent to customers.
“We stopped access and strengthened our safety measures.”
As First reported By Forbes, only customers’ names, date of birth and email addresses were stolen in the attack. Passwords, IDs and financial information were not revealed.
Source: reddit
While Pendora has not shared the name of the third-party platform, Blapping Computer has learned that the data was stolen from the company’s salesforce database.
At least since January 2025, if not before, the danger actors are conducting social engineering and fishing campaigns that target employees of companies and help the desk.
These attacks are designed to authorize salesforce credentials or trick workers in their salesforce account.
Using this access, the actor of danger downloads and stealing the company’s salesforce databases, which is then used to give ransom to the company to give ransom to prevent data from leaking.
Shinyhunters confirmed Bleepingcomputer that they were out of private and would make a collective sales or leakage of companies that do not pay ransom in future, such as they had done snowflake data-chori attacks.
The actor also confirmed that the attacks were going on, so all companies should review the recommendations of the salesfors to tighten their accounts.
“सेल्सफोर्स से समझौता नहीं किया गया है, और वर्णित मुद्दे हमारे प्लेटफॉर्म में किसी भी ज्ञात भेद्यता के कारण नहीं हैं। जबकि सेल्सफोर्स हम जो कुछ भी करते हैं, उसमें एंटरप्राइज-ग्रेड सुरक्षा का निर्माण करता है, ग्राहक भी अपने डेटा को सुरक्षित रखने में एक महत्वपूर्ण भूमिका निभाते हैं-विशेष रूप से परिष्कृत फ़िशिंग और सोशल इंजीनियरिंग हमलों में वृद्धि के बीच,” सेल्सफोर्स ने ब्लेपिंगकॉम्पटर को बताया।
“We continue to encourage all customers to follow the best practices, including to enable multi-factor authentication (MFA), implementing the principle of at least privileges, and managing carefully associated applications. For more information, please see: https://www.salesforce.com/blog/protect-gainst- social- enginering/,
Other companies affected in these attacks include Adidas, Kantas, Allianz Life and LVMH assistants Louis Witon, Dyer and. Tiffany & Co.
However, Bleepingcomputer has been told that there are many more unknown.
Malware targeting password stores increased 3x as the attackers secretly carried out the perfect history landscape, infiltrated and exploited important systems.
Search for the top 10 Metter Att & CK techniques behind the 93% attacks and how to defend them.
