As a FedRAMP authorized provider, Workday will face mandatory reporting requirements under FISMA and likely need to conduct a formal incident assessment with their federal agency customers within strict timeframes.
The company said the breach hit some of its third-party customer relationship databases. If any other data was stolen, Workday didn't say for sure. The company only said there was “no indication of access to customer tenants or the data” within those databases.
So that would be customer data of the admin / HR team at their customers, but not all the users, so while not good, it's not going to directly give really sensitive data; most likely to be used for further phishing attacks.
This seems like a nothingburger? By all accounts it seems like their Salesforce database that got breached, which realistically means contact details for key decision makers that they're trying to sell to (think CEO, CFO, head of HR, etc.). Don't get me wrong, all things being equal I'd prefer the leak to not have happened, but whatever contact info is in the database probably was already semi-public, given some salesperson at Workday had to find it to enter it in the first place.
Salesforce does offer granular controls for admins to restrict or allow connected apps, but in a lot of older instances this is not restricted. Partly this is due to lack of awareness of the threat vector, or sometimes because no one cares enough. In the current release I think Salesforce is locking things down by default to avoid this. https://help.salesforce.com/s/articleView?id=release-notes.r...
Companies put a lot more than just sales leads into Salesforce. A lot of places treat it as a general purpose, internal application platform. Just knowing it was Salesforce doesn't tell you anything about the scope of the breach.
Even if the breached data might be insignificant, a constant stream of 'X_Company hacked because of Salesforce' headlines (even if this title is misleading) is pretty bad for $CRM judging from a quick glance at their YTD.
>Then there’s this spicy little detail from TechCrunch: the company’s blog post announcing the breach has a “noindex tag” in the source code, which signals to search engine crawlers not to index the page so it won’t come up in search results.
This is trivially disproven by clicking on an unrelated story[1] and seeing that it also has the <meta name="robots" content="nofollow, noindex"/> tag.
[1] https://blog.workday.com/en-us/our-commitment-to-our-europea...
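The check the comment above describes (is the noindex on the breach post only, or on unrelated pages too?) as a small script. This is an added example and not code from anyone in the thread; the three sample pages are constructed inline so it runs offline, and the example.com URLs are placeholders, not real Workday markup. In practice you would fetch each page and pass the body to the same functions.

```python
"""Compare <meta name="robots"> directives across several pages.

A noindex that also appears on unrelated posts points at the site template,
not at a deliberate attempt to hide one post. Added example; sample HTML below
is constructed, not captured from any real site.
"""
from html.parser import HTMLParser


class RobotsMetaParser(HTMLParser):
    """Collect every directive from <meta name="robots" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values are kept as-is.
        # Self-closing <meta .../> tags also arrive here via handle_startendtag.
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("name", "").lower() == "robots":
            # Directives are comma separated and case-insensitive.
            self.directives.extend(
                d.strip().lower() for d in a.get("content", "").split(",") if d.strip()
            )


def robots_directives(html):
    """Return the list of robots directives found in the page, lowercased."""
    p = RobotsMetaParser()
    p.feed(html)
    return p.directives


def is_noindex(html):
    """True if the page asks crawlers not to index it."""
    return "noindex" in robots_directives(html)


def site_wide_noindex(pages):
    """Return (every_page_has_noindex, {url: has_noindex}) for a sample of pages.

    If the flag is True, the noindex on the post of interest is just the
    template; if only that one post carries it, that is the actual finding.
    """
    results = {url: is_noindex(html) for url, html in pages.items()}
    return all(results.values()), results


# Constructed sample pages (placeholder URLs, not real markup).
SAMPLE_PAGES = {
    "https://example.com/blog/breach-notice": """<html><head>
<meta name="robots" content="nofollow, noindex"/>
<title>Notice</title></head><body>...</body></html>""",
    "https://example.com/blog/unrelated-story": """<html><head>
<meta NAME="Robots" CONTENT="NOFOLLOW, NOINDEX">
</head><body>...</body></html>""",
    "https://example.com/blog/indexed-story": """<html><head>
<meta name="description" content="nothing to do with robots">
</head><body>...</body></html>""",
}

if __name__ == "__main__":
    all_noindex, per_page = site_wide_noindex(SAMPLE_PAGES)
    for url, flag in per_page.items():
        print(f"{'noindex' if flag else 'index  '}  {url}")
    print("noindex on every sampled page:", all_noindex)
```

Run against real pages, the interesting result is a noindex that shows up on the breach post and nowhere else; a noindex on every sampled page, as the comment reports, says nothing about that one post.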
(And of course, Salesforce should be making these attacks harder.)