Automotive manufacturing large Stellantis has confirmed that attackers stole a few of its North American prospects’ knowledge after getting access to a third-party service supplier’s platform.
Stellantis is a multinational company shaped in 2021 after the merger of the PSA Group (Peugeot Société Anonyme) and Fiat Chrysler Cars (FCA). Stellantis is at present one of many largest automotive firms globally by income and the world’s fifth-largest automaker by quantity.
The corporate owns 14 main automotive manufacturers, together with Alfa Romeo, Chrysler, Citroën, Dodge, DS Cars, Fiat, Jeep, Lancia, Maserati, Opel, Peugeot, Ram, and Vauxhall, and it operates manufacturing services throughout Europe, North America, South America, and different areas, with operations in over 130 international locations.
Based on an announcement revealed over the weekend, the attackers solely stole buyer contact data through the breach because the compromised platform was not used to retailer monetary or different delicate private data.
“We not too long ago detected unauthorized entry to a third-party service supplier’s platform that helps our North American customer support operations,” Stellantis stated.
“Upon discovery, we instantly activated our incident response protocols, initiated a complete investigation, and took immediate motion to comprise and mitigate the state of affairs. We’re additionally notifying the suitable authorities and straight informing affected prospects.”
The auto large additionally suggested prospects to be cautious of potential phishing makes an attempt and to chorus from clicking suspicious hyperlinks or sharing private data when receiving surprising emails, texts, or calls.
BleepingComputer reached out to Stellantis with questions concerning the incident, however a response was not instantly out there.
Salesforce knowledge breach claimed by ShinyHunters
Though Stellantis did not share extra data concerning this assault, BleepingComputer has realized that it’s a part of a current wave of Salesforce knowledge breaches linked with the ShinyHunters extortion group, which has affected quite a few high-profile firms.
Earlier right this moment, ShinyHunters claimed accountability for the Stellantis knowledge breach and informed BleepingComputer that that they had stolen over 18 million Salesforce information, together with names and phone particulars, from the corporate’s Salesforce occasion.
Because the begin of the yr, the extortion group has been focusing on Salesforce prospects in knowledge theft assaults utilizing voice phishing assaults, impacting firms resembling Google, Cisco, Qantas, Adidas, Allianz Life, Farmers Insurance coverage, Workday, and LVMH subsidiaries, together with Dior, Louis Vuitton, and Tiffany & Co.
ShinyHunters additionally claims they used stolen OAuth tokens for Salesloft’s Drift AI chat integration with Salesforce to steal delicate data, resembling passwords, AWS entry keys, and Snowflake tokens, after getting access to prospects’ Salesforce cases.
Utilizing this methodology, they claimed to have stolen buyer data from Google, Cloudflare, Zscaler, Tenable, Palo Alto Networks, CyberArk, Nutanix, Qualys, Rubrik, Elastic, BeyondTrust, Proofpoint, JFrog, Cato Networks, and many extra.
Final week, the FBI launched a Flash alert sharing IOCs found through the assaults and warning about menace actors breaching organizations’ Salesforce environments to steal knowledge and extort victims. In the meantime, the extortion group informed BleepingComputer that that they had stolen over 1.5 billion Salesforce information from 760 firms, utilizing compromised Salesloft Drift OAuth tokens.
46% of environments had passwords cracked, practically doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and knowledge exfiltration traits.
