Phished Salesforce.com data used for phishing attacks


Password leak leads to major CRM customer data haul.

A security breach at customer relationship management (CRM) firm Salesforce.com has led to a large-scale leak of confidential user data, which has been put to use for targeted phishing attacks posing as Salesforce invoices.


Salesforce offers a software-as-a-service platform for CRM, covering sales and marketing information management online. The leak apparently occurred when a Salesforce employee handed over login credentials after being tricked by a phish. With employee access to company databases, the phishers harvested data including email addresses and other contact details, which were then used for further targeted phishing. There has also been some evidence of the addresses being spammed with malware attacks, possibly enabling further data gathering.


Salesforce has issued an email to over a million users, warning of the risk of phishing and suggesting a series of security steps to minimise the risk of fraud. The statement is here.

Posted on 09 November 2007 by Virus Bulletin

