Stellantis representatives reported that attackers gained access to a third-party service provider’s platform and stole data on North American customers. Apparently, this attack is related to the Salesforce breach.
Stellantis is a multinational corporation formed in 2021 following the merger of PSA Group (Peugeot Société Anonyme) and Fiat Chrysler Automobiles (FCA). Today, Stellantis is one of the largest automotive companies in the world by revenue and ranks fifth by production volume.
The company owns 14 major automotive brands, including Alfa Romeo, Chrysler, Citroën, Dodge, DS Automobiles, Fiat, Jeep, Lancia, Maserati, Opel, Peugeot, Ram, and Vauxhall.
According to a statement published over the weekend, the attackers stole only customer contact information from Stellantis. The compromised platform was not used to store financial or other personal data.
“We recently discovered unauthorized access to a third-party service provider’s platform that supports our customer service operations in North America,” Stellantis said. “Following this, we immediately activated our incident response protocols, launched a comprehensive investigation, and took swift action to contain and mitigate the situation. We have also notified the relevant authorities and are directly informing affected customers.”
The auto giant advised customers to remain vigilant against potential phishing attacks and to avoid clicking suspicious links or sharing personal information in response to suspicious emails, messages, or phone calls.
Stellantis representatives are not disclosing any details about the attack, but according to Bleeping Computer, the incident is linked to the recent wave of data leaks via Salesforce that has affected many well-known companies.
According to journalists, the hacking group ShinyHunters has claimed responsibility for stealing data from Stellantis. The hackers say they stole more than 18 million records, including names and contact details, from the company’s Salesforce instance.
Since the beginning of the year, this group has been targeting Salesforce customers and stealing data via voice phishing. Such breaches have already affected Google, Cisco, the airline Qantas, Adidas, the insurer Allianz Life, a number of LVMH brands (Louis Vuitton, Dior and Tiffany & Co) and many others.
In addition, ShinyHunters were behind the recent large-scale attack on Salesloft and its AI chatbot, Drift. Salesloft Drift is a platform for integrating the AI-powered Drift chatbot with Salesforce, allowing organizations to sync conversations, leads, and support tickets with their CRM. To streamline workflows, Drift can also integrate with other services (Slack, Pardot, Google Workspace, and so on).
Hackers compromised Salesloft and stole from Drift the customers’ OAuth and refresh tokens intended for integration with Salesforce. This allowed the attackers to steal customer information from Google, Cloudflare, Zscaler, Proofpoint, Palo Alto Networks, Tenable, CyberArk, Nutanix, Qualys, Rubrik, Elastic, BeyondTrust, JFrog, Cato Networks, and many other companies.
Last week, hackers claimed they stole more than 1.5 billion records from the Salesforce instances of 760 companies, using compromised OAuth tokens for Salesloft and Drift.