follow-up: Salesforce tight-lipped after phishing attack

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://news.zdnet.co.uk/security/0,1000000189,39290616,00.htm

By Tom Espiner
ZDNet.co.uk
07 Nov 2007

Salesforce.com is refusing to reveal details of a security breach caused 
when one of its employees surrendered their password in a phishing attack 
against the company.

Details of Salesforce.com's customers were stolen as a result of the 
password being surrended, the CRM services company admitted to customers 
on Monday.

But, when contacted by ZDNet.co.uk, the company refused to say whether any 
UK customers had been affected, whether any financial damage had occurred, 
and whether any disciplinary action had been taken against any employees 
as a result of the security incident. It offered no other comment on the 
matter.

Salesforce.com first noticed a possible security breach when it saw a rise 
in phishing attacks directed against customers "a couple of months ago". 
Upon investigation, the company found that one of its employees had been 
"tricked" into disclosing a password, allowing a customer list to be 
stolen, according to Monday's letter, which was sent to customers by 
executive vice president of technology Parker Harris.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml