Posted by Virus Bulletin on Nov 9, 2007
Password leak leads to major CRM customer data haul.
A security breach at customer relationship management (CRM) firm Salesforce.com has led to a large-scale leak of confidential user data, which has been put to use for targeted phishing attack posing as Salesforce invoices.
Salesforce offer a software-as-service platform for CRM, covering sales and marketing information management online. The leak apparently occurred when a Salesforce employee handed over login credentials after being tricked by a phish. With employee access to company databases, the phishers harvested data including email addresses and other contact details, which were then used for further targeted phishing. There has also been some evidence of the addresses being spammed with malware attacks, possibly enabling further data gathering.
Salesforce has issued an email to over a million users, warning of the risk of phishing and suggesting a series of security steps to minimise the risk of fraud. The statement is here.
Posted on 09 November 2007 by Virus Bulletin
