Phished Salesforce.com data used for phishing attacks

Password leak leads to major CRM customer data haul.

A security breach at customer relationship management (CRM) firm Salesforce.com has led to a large-scale leak of confidential user data, which has been put to use for targeted phishing attacks posing as Salesforce invoices.


Salesforce offers a software-as-a-service platform for CRM, covering sales and marketing information management online. The leak apparently occurred when a Salesforce employee handed over login credentials after being tricked by a phish. With employee access to company databases, the phishers harvested data including email addresses and other contact details, which were then used for further targeted phishing. There has also been some evidence of the addresses being spammed with malware attacks, possibly enabling further data gathering.

Salesforce has issued an email to over a million users, warning of the risk of phishing and suggesting a series of security steps to minimise the risk of fraud. The statement is here.

09 November 2007

Tags: data leak, phishing, social engineering, spam.

