The giant HR working day has been hacked

Workday, a company that provides human resources technologies to more than 11,000 companies and 70 million users worldwide, announced in a classic Friday dumping ground that it had undergone a data violation. The company has not revealed the quantity of information stolen by the pirates, but revealed that the information, including the names, the email addresses and the telephone numbers – of certain users have been compromised.

The company said that the violation had struck some of its databases from third -party customer relations. If other data was stolen, Workday did not say with certainty. The company only said that there was “no indication of access to customer tenants or data” in these databases. But now workday fears that, although its violation is limited, it could give rise to other violations via social engineering attacks.

“The type of information that the actor has obtained was mainly commonly available commercial contact details, such as names, email addresses and telephone numbers, potentially to continue their social engineering scams,” wrote workday.

It is interesting to note the little specific information concerning the violation of the working day. The company has not hidden exactly that the violation occurred, but it also took a little time before disclosing it. According to the BIP computer, the violation occurred on August 6. Then there is this spicy little detail of Techcrunch: the blog of the company announcing that the violation has a “Noindex tag” in the source code, which signals engine search robots so as not to index the page so that it does not appear in the search results.

Perhaps this is a vaguely understandable decision from the point of view of the protection of the reputation, but that does not shout exactly “we do our best so that our customers are informed and safe”.

According to Bleeping Computer, it seems that the Hack Workday is part of a greater violation of the Salesforce databases, which has caught a series of companies in the cross -fires. Companies such as Adidas, Google, Qantas Airways and Cisco have all been affected as part of attacks against Salesforce customer relations management systems.

These attacks were mainly linked to a hacking group that passes by Shinyhuters, which would have done most of its damage via social engineering and vocal phishing attacks. It is therefore logical that Workday warns its customers exactly on this subject.

Shinyhuters has become a prolific threat in recent years. The extortion group struck AT&T, steering 73 million customer files from the telecommunications giant, and Powerschool, which compromised information from millions of students and teachers in the United States and Canada.