Netherlands-based mobile telecommunications company Odido (formerly T-Mobile) has been named as the latest victim of social engineering attacks involving Salesforce instances.
This has reportedly led to over six million customer records being exposed, with hackers able to access information such as mobile phone numbers, addresses, and identification numbers of driver’s licenses and passports.
Odido Under Attack
Much like the social engineering attacks involving Salesforce last year, hackers were able to access Odido’s databases through phishing, the NOS reported. This was achieved by logging into the accounts of individual customer service employees and obtaining the necessary passwords through email.
After receiving the passwords, hackers contacted employees while impersonating Odido’s IT department. Through this social engineering tactic, they were able to deceive the employees into approving the fraudulent login, thereby bypassing an additional security layer.
It is estimated that six million customer records could have been scraped through Salesforce in this attack, including data from both former and current customers. Odido maintains that passwords, call details, and billing data have not been leaked.
“We deeply regret this incident and are fully committed to limiting the impact of this incident and providing our customers with all necessary support,” the company wrote in a statement. “Unauthorized access to the system was ended as quickly as possible.”
“In addition, Odido has engaged external cybersecurity experts to support the implementation of additional security measures as part of the response to this incident.”
The company also detailed that affected customers would receive an email or SMS from the company directly, and that the Dutch Data Protection Authority (AP) has been informed.
SF Ben has reached out to Odido for comment.
How Is Salesforce Involved?
This particular breach involved hackers being able to access Odido’s Salesforce instance, where customer data is stored. From there, hackers downloaded this data, but how much was captured in this way is not known.
A Salesforce spokesperson told SF Ben that this breach was not caused by any issue on Salesforce’s side.
“We have no indication at this time that this issue was caused by any vulnerability in our platform,” they said.
Summary
Unfortunately, the trend of data breaches in which Salesforce consistently finds itself involved continues.
This particular attack highlights just how much social engineering attacks depend on human error, indicating that a wider conversation is needed about how integral employee-specific and business-wide security is right now.
SF Ben note: We at SF Ben strongly recommend that all admins and org owners prioritize auditing the connected apps currently in use in their orgs. This includes identifying the origin of all connected apps, removing any unused or unknown apps, setting permissions for access to remaining apps, and removing the ability for any user to add connected apps without approval. We’ve published an article to help.