{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"Workday Breach Tied to Third-Party CRM Hack in ShinyHunters Campaign","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/332200ee\"></iframe>","width":"100%","height":180,"duration":2023,"description":"Workday, one of the world’s leading providers of human resources and financial management software, has confirmed a data breach that exposed business contact information through a third-party CRM platform, not its core HR or financial systems. Discovered on August 6, 2025, the breach revealed names, email addresses, and phone numbers—data that, while not highly sensitive, could be leveraged in future social engineering or phishing attacks. Workday emphasized that no customer tenant environments or core customer data were accessed, and reminded users that the company will never request credentials or sensitive information by phone, urging vigilance in verifying communication channels.The breach appears connected to a wider campaign attributed to ShinyHunters, also known as UNC6040/UNC6240, a cybercriminal collective notorious for large-scale social engineering attacks. ShinyHunters and affiliated groups such as Scattered Spider have been targeting Salesforce CRM environments by impersonating IT staff in voice phishing (vishing) campaigns. Employees are tricked into authorizing malicious OAuth applications disguised as legitimate tools, such as modified “Data Loader” apps. Once granted, these apps gain API-level access, bypassing multi-factor authentication and allowing attackers to extract massive volumes of customer data.This tactic has already impacted global giants like Google, Adidas, Qantas, Cisco, Air France–KLM, Allianz Life, Coca-Cola, and luxury brands under LVMH. While passwords and payment card details were not compromised in these cases, millions of customer contact records—including loyalty program info and purchase histories—were stolen and weaponized in extortion attempts. In one brazen move, ShinyHunters even demanded 20 Bitcoins from Salesforce CEO Marc Benioff, threatening to leak records from over 90 organizations.The Workday breach underscores the growing supply chain risk inherent in enterprise SaaS ecosystems. Even when core platforms remain...","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}