Malkoff        
Results 1 to 2 of 2

Thread: salesforce.com's customer list stolen, used for highly targeted phishing scams

  1. #1
    *Flashaholic*
    Join Date
    Dec 2003
    Location
    USA
    Posts
    8,159

    Default salesforce.com's customer list stolen, used for highly targeted phishing scams

    Salesforce.com Acknowledges Data Loss

    On Oct. 19, Security Fix reported that payroll giant Automatic Data Processing (ADP) and several banks -- including Suntrust -- were among a number of institutions that were victimized by a series of highly-targeted phishing scams that addresses recipients by name and asked them to click on a link - which tried to download password-stealing malicious software. A Suntrust executive alleged that the scammers obtained their list of Suntrust customers via a data compromise at Salesforce.com.

    A Salesforce.com executive would not answer direct questions about the incident at the time. Salesforce.com data also was implicated in a pair of targeted malware attacks that appeared to have been sent from the Federal Trade Commission, an attack that installed password-stealing software on PCs of more than 500 victims.

    Now, in an e-mail sent Monday to nearly a million customers, Salesforce.com is finally owning up to a data loss.

    http://blog.washingtonpost.com/secur...edges_dat.html

    http://blog.washingtonpost.com/secur..._ftc_em_1.html

  2. #2
    Flashaholic*
    Join Date
    Jan 2006
    Location
    Los Angeles, Calif.
    Posts
    1,470

    Default Re: salesforce.com's customer list stolen, used for highly targeted phishing scams

    Damn, that's pretty heavy duty. I sorta wonder if companies just don't really care that much about their customer's data. Banks spend $$$$ to keep their money safe. I think data security is more of an afterthought for executives.

    In my last job, my boss never wanted to spend one red cent on data security because it didn't have a quantifiable return on investment. After I quit I tried logging into a few of the databases the company uses, and they didn't even change the passwords. I could have easily stolen or wrecked their database.

    Maybe lack of security is due to sheer stupidity and complacency. This crap really annoys me, because companies want a lot of personal data from you these days...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •