Workday, the HR software giant serving 70 million users worldwide, just confirmed hackers breached one of its third-party customer databases and made off with personal information including names, emails, and phone numbers. The breach, discovered August 6, follows a coordinated wave of attacks targeting Salesforce-hosted databases that has hit Google, Cisco, and other major enterprises in recent weeks.
Workday just became the latest casualty in what security experts are calling a coordinated assault on enterprise cloud databases. The HR technology giant confirmed hackers penetrated one of its third-party customer relationship databases, stealing an undisclosed amount of personal information that could affect its 70 million users across 11,000+ corporate customers worldwide.
The timing couldn't be worse for enterprise security teams. According to Bleeping Computer's reporting, Workday discovered the breach on August 6 – right in the middle of an unprecedented wave of attacks targeting Salesforce-hosted customer databases. In recent weeks, Google, Cisco, Qantas, and retailer Pandora have all reported similar breaches affecting their cloud-based customer data stores.
What makes this breach particularly concerning is Workday's careful wording around customer impact. In a blog post published late Friday, the company stated there was "no indication of access to customer tenants or the data within them" – but notably didn't rule out that customer information was compromised. Those customer tenants typically house the bulk of HR files and sensitive employee data that make Workday such a attractive target for cybercriminals.
Google has already attributed the broader attack campaign to ShinyHunters, a notorious hacking group that specializes in voice phishing attacks. The group's modus operandi involves tricking company employees into granting access to cloud databases, then preparing data leak sites to extort victims – essentially operating like a ransomware gang without the encryption. "ShinyHunters was likely in the process of preparing a data leak site to extort its victims into paying the hackers to delete the data," earlier this month.
