
Automaker giant Stellantis confirms data breach after Salesforce hack



Automotive manufacturing giant Stellantis has confirmed that attackers stole some of its North American customers' data after gaining access to a third-party service provider's platform.

Stellantis is a multinational corporation formed in 2021 after the merger of the PSA Group (Peugeot Société Anonyme) and Fiat Chrysler Automobiles (FCA). Stellantis is currently one of the largest automotive companies globally by revenue and the world's fifth-largest automaker by volume.

The company owns 14 major automotive brands, including Alfa Romeo, Chrysler, Citroën, Dodge, DS Automobiles, Fiat, Jeep, Lancia, Maserati, Opel, Peugeot, Ram, and Vauxhall, and it operates manufacturing facilities across Europe, North America, South America, and other regions, with operations in over 130 countries.

According to a statement published over the weekend, the attackers only stole customer contact information during the breach because the compromised platform was not used to store financial or other sensitive personal information.

“We recently detected unauthorized access to a third-party service provider’s platform that supports our North American customer service operations,” Stellantis said.

“Upon discovery, we instantly activated our incident response protocols, initiated a comprehensive investigation, and took immediate action to contain and mitigate the situation. We’re also notifying the appropriate authorities and instantly informing affected customers.”

The auto giant also advised customers to be wary of potential phishing attempts and to refrain from clicking suspicious links or sharing personal information when receiving unexpected emails, texts, or calls.

BleepingComputer reached out to Stellantis with questions about the incident, but a response was not immediately available.

Salesforce data breach claimed by ShinyHunters

Although Stellantis didn't share more information regarding this attack, BleepingComputer has learned that it is part of a recent wave of Salesforce data breaches linked to the ShinyHunters extortion group, which has affected numerous high-profile companies.

Earlier today, ShinyHunters claimed responsibility for the Stellantis data breach and told BleepingComputer that they had stolen over 18 million Salesforce records, including names and phone details, from the company's Salesforce instance.

Since the start of the year, the extortion group has been targeting Salesforce customers in data theft attacks using voice phishing, impacting companies such as Google, Cisco, Qantas, Adidas, Allianz Life, Farmers Insurance, Workday, and LVMH subsidiaries, including Dior, Louis Vuitton, and Tiffany & Co.

ShinyHunters also claims they used stolen OAuth tokens for Salesloft's Drift AI chat integration with Salesforce to steal sensitive information, such as passwords, AWS access keys, and Snowflake tokens, after gaining access to customers' Salesforce instances.

Using this method, they claimed to have stolen customer information from Google, Cloudflare, Zscaler, Tenable, Palo Alto Networks, CyberArk, Nutanix, Qualys, Rubrik, Elastic, BeyondTrust, Proofpoint, JFrog, Cato Networks, and many more.

Last week, the FBI released a Flash alert sharing IOCs discovered during the attacks and warning about threat actors breaching organizations' Salesforce environments to steal data and extort victims. Meanwhile, the extortion group told BleepingComputer that they had stolen over 1.5 billion Salesforce records from 760 companies, using compromised Salesloft Drift OAuth tokens.
