Workday, one of the biggest providers of human resources technology, has confirmed a data breaches that allow hackers to steal personal information from one of their third-party customer relationship databases.
In a blog post published late Friday, the HR Technology giant said the hackers had stole unspecified personal information from the database.
Workday did not expressly rule out that customer information was retrieved in a data breach. This states that “there is no indication of access to the customer tenant or the data within it.”
The company said stolen information could be used to promote social engineering fraud. Hackers said they would deceive or threaten victims and provide access to sensitive data.
Workday has over 11,000 corporate customers, and according to its website, it serves at least 70 million users worldwide. Bleeping Computer reports that the hack was discovered on August 6th.
Workday did not identify compromised third-party customer database platforms, but continues to the recent level of cyberattacks targeting the Salesforce hosted databases that large companies use to store customer data. In recent weeks, Google, Cisco, airline giant Qantas and retailer Pandora have all been stolen from the Salesforce database.
Google attributes the violation to ShinyHunters, a group of hackers known for using voice phishing to steal company data by stealing company employees, to allow company employees to access cloud-based databases. Google said that Shinyhunters is likely in the process of preparing a data leak site to force victims to pay hackers to remove data similar to the behavior of ransomware gangs.
Workday representatives had no questions in TechCrunch emails. This involves knowing whether Workday knows how many individuals have been stolen, and who the stolen data is related to, such as Workday employees and Workday corporate customers.
At the time of writing, Workday's blog post violation contained a hidden “noindex” tag in the source code, which instructs search engines to ignore the page, making it difficult for people searching the web to find the page.
It's not clear why Workday is hiding data breach notifications from search engines.
Do you know more about Workday data breaches or attacks targeting Salesforce databases? Have you been notified of a data breach? Please contact this reporter securely via a message encrypted with Zackwhittaker.1337.