BreachExchange mailing list archives
follow-up: Salesforce tight-lipped after phishing attack
From: security curmudgeon <jericho () attrition org>
Date: Thu, 8 Nov 2007 15:16:07 +0000 (UTC)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://news.zdnet.co.uk/security/0,1000000189,39290616,00.htm By Tom Espiner ZDNet.co.uk 07 Nov 2007 Salesforce.com is refusing to reveal details of a security breach caused when one of its employees surrendered their password in a phishing attack against the company. Details of Salesforce.com's customers were stolen as a result of the password being surrended, the CRM services company admitted to customers on Monday. But, when contacted by ZDNet.co.uk, the company refused to say whether any UK customers had been affected, whether any financial damage had occurred, and whether any disciplinary action had been taken against any employees as a result of the security incident. It offered no other comment on the matter. Salesforce.com first noticed a possible security breach when it saw a rise in phishing attacks directed against customers "a couple of months ago". Upon investigation, the company found that one of its employees had been "tricked" into disclosing a password, allowing a customer list to be stolen, according to Monday's letter, which was sent to customers by executive vice president of technology Parker Harris. [..] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- follow-up: Salesforce tight-lipped after phishing attack security curmudgeon (Nov 08)