Luxury fashion house Chanel notified customers of a data breach discovered July 25, affecting a subset of US client care contacts. Hackers accessed names, email addresses, mailing addresses, and phone numbers through a compromised third-party Salesforce provider.
The breach is part of a larger wave targeting Salesforce customers since March, using voice phishing tactics to trick employees into authorizing malicious apps. Other luxury brands hit include Adidas, Dior, and Tiffany & Co.
Threat actors identifying as ShinyHunters typically follow up with extortion demands, giving victims 72 hours to pay Bitcoin ransoms or face data publication on underground forums.
Source: Dark Reading