Automaker Giant Stellantis Confirms Data Breach After Salesforce Hack
Automotive manufacturing giant Stellantis has confirmed that attackers stole some of its North American customers' data after gaining access to a third-party service provider's platform. This major corporation, formed in 2021 through the merger of the PSA Group and Fiat Chrysler Automobiles (FCA), is currently one of the largest automotive companies globally by revenue and the world's fifth-largest automaker by volume.
The company owns 14 major automotive brands, including Alfa Romeo, Chrysler, Citroën, Dodge, DS Automobiles, Fiat, Jeep, Lancia, Maserati, Opel, Peugeot, Ram, and Vauxhall, with operations in over 130 countries. The attackers only stole customer contact information during the breach since the compromised platform was not used to store financial or other sensitive personal information.
"We recently detected unauthorized access to a third-party service provider's platform that supports our North American customer service operations," Stellantis stated. "Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers."
The auto giant advised customers to be cautious of potential phishing attempts and to refrain from clicking suspicious links or sharing personal information when receiving unexpected emails, texts, or calls.
A Connection to Salesforce Data Breach Claimed by ShinyHunters
Although Stellantis didn't share more information regarding this attack, BleepingComputer has learned that it is part of a recent wave of Salesforce data breaches linked with the ShinyHunters extortion group. The group claims responsibility for the breach and told BleepingComputer that they had stolen over 18 million Salesforce records, including names and contact details, from the company's Salesforce instance.
ShinyHunters has been targeting Salesforce customers in data theft attacks using voice phishing attacks, impacting companies such as Google, Cisco, Qantas, Adidas, Allianz Life, Farmers Insurance, Workday, and LVMH subsidiaries like Dior, Louis Vuitton, and Tiffany & Co. The group also used stolen OAuth tokens for Salesloft's Drift AI chat integration with Salesforce to steal sensitive information.
Using this method, they claimed to have stolen customer information from Google, Cloudflare, Zscaler, Tenable, Palo Alto Networks, CyberArk, Nutanix, Qualys, Rubrik, Elastic, BeyondTrust, Proofpoint, JFrog, Cato Networks, and many more. The FBI released a Flash alert sharing IOCs discovered during the attacks and warning about threat actors breaching organizations' Salesforce environments to steal data and extort victims.
Impact of Data Breaches and Recommendations
The recent wave of Salesforce data breaches has significant implications for companies, their customers, and security experts. As Stellantis confirmed the breach, they advised affected customers to be cautious of potential phishing attempts and not to click on suspicious links or share personal information when receiving unexpected emails, texts, or calls.
For businesses like Stellantis, it is essential to have robust cybersecurity measures in place to prevent data breaches. Employees should also be educated on how to identify phishing attempts and respond accordingly. Regular software updates, secure password practices, and regular security audits can help reduce the risk of future attacks.
Data Breach Statistics
For those interested in staying informed about cybersecurity trends, the Picus Blue Report 2025 is a valuable resource that provides an in-depth look at prevention, detection, and data exfiltration trends. With a reported 46% of environments having passwords cracked, nearly doubling from 25% last year, password security remains a critical concern.