Automotive manufacturing big Stellantis has confirmed that attackers stole a few of its North American clients’ information after having access to a third-party service supplier’s platform.
Stellantis is a multinational company fashioned in 2021 after the merger of the PSA Group (Peugeot Société Anonyme) and Fiat Chrysler Vehicles (FCA). Stellantis is at present one of many largest automotive corporations globally by income and the world’s fifth-largest automaker by quantity.
The corporate owns 14 main automotive manufacturers, together with Alfa Romeo, Chrysler, Citroën, Dodge, DS Vehicles, Fiat, Jeep, Lancia, Maserati, Opel, Peugeot, Ram, and Vauxhall, and it operates manufacturing services throughout Europe, North America, South America, and different areas, with operations in over 130 nations.
In keeping with a press release printed over the weekend, the attackers solely stole buyer contact data throughout the breach because the compromised platform was not used to retailer monetary or different delicate private data.
“We lately detected unauthorized entry to a third-party service supplier’s platform that helps our North American customer support operations,” Stellantis mentioned.
“Upon discovery, we instantly activated our incident response protocols, initiated a complete investigation, and took immediate motion to include and mitigate the scenario. We’re additionally notifying the suitable authorities and instantly informing affected clients.”
The auto big additionally suggested clients to be cautious of potential phishing makes an attempt and to chorus from clicking suspicious hyperlinks or sharing private data when receiving sudden emails, texts, or calls.
BleepingComputer reached out to Stellantis with questions concerning the incident, however a response was not instantly obtainable.
Salesforce data breach claimed by ShinyHunters
Though Stellantis did not share extra data concerning this assault, BleepingComputer has discovered that it’s a part of a current wave of Salesforce data breaches linked with the ShinyHunters extortion group, which has affected quite a few high-profile corporations.
Earlier at this time, ShinyHunters claimed accountability for the Stellantis data breach and instructed BleepingComputer that they’d stolen over 18 million Salesforce information, together with names and make contact with particulars, from the corporate’s Salesforce occasion.
For the reason that begin of the yr, the extortion group has been concentrating on Salesforce clients in information theft assaults utilizing voice phishing assaults, impacting corporations corresponding to Google, Cisco, Qantas, Adidas, Allianz Life, Farmers Insurance coverage, Workday, and LVMH subsidiaries, together with Dior, Louis Vuitton, and Tiffany & Co.
ShinyHunters additionally claims they used stolen OAuth tokens for Salesloft’s Drift AI chat integration with Salesforce to steal delicate data, corresponding to passwords, AWS entry keys, and Snowflake tokens, after having access to clients’ Salesforce cases.
Utilizing this methodology, they claimed to have stolen buyer data from Google, Cloudflare, Zscaler, Tenable, Palo Alto Networks, CyberArk, Nutanix, Qualys, Rubrik, Elastic, BeyondTrust, Proofpoint, JFrog, Cato Networks, and lots of extra.
Final week, the FBI launched a Flash alert sharing IOCs found throughout the assaults and warning about risk actors breaching organizations’ Salesforce environments to steal information and extort victims. In the meantime, the extortion group instructed BleepingComputer that they’d stolen over 1.5 billion Salesforce information from 760 corporations, utilizing compromised Salesloft Drift OAuth tokens.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration developments.
