[Dataloss] follow-up: Salesforce tight-lipped after phishing attack
security curmudgeon
jericho at attrition.org
Thu Nov 8 15:16:07 UTC 2007
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
http://news.zdnet.co.uk/security/0,1000000189,39290616,00.htm
By Tom Espiner
ZDNet.co.uk
07 Nov 2007
Salesforce.com is refusing to reveal details of a security breach caused
when one of its employees surrendered their password in a phishing attack
against the company.
Details of Salesforce.com's customers were stolen as a result of the
password being surrended, the CRM services company admitted to customers
on Monday.
But, when contacted by ZDNet.co.uk, the company refused to say whether any
UK customers had been affected, whether any financial damage had occurred,
and whether any disciplinary action had been taken against any employees
as a result of the security incident. It offered no other comment on the
matter.
Salesforce.com first noticed a possible security breach when it saw a rise
in phishing attacks directed against customers "a couple of months ago".
Upon investigation, the company found that one of its employees had been
"tricked" into disclosing a password, allowing a customer list to be
stolen, according to Monday's letter, which was sent to customers by
executive vice president of technology Parker Harris.
[..]
More information about the Dataloss
mailing list