The large automotive manufacturer Stellantis (which produces Jeep, Fiat, Chrysler, Ram, etc.) reported that hackers obtained some of its customer data. The data was held in a third-party service that Stellantis used to assist in customer service in North America.
The hackers took names and contact information, such as email addresses. The good news is that no banking or payment information was stolen in this event.
Who Did It?
A hacker group called ShinyHunters claims to be responsible for the incident. They claimed to have stolen 18 million records from Salesforce systems, including contact information.
Other larger organizations have been targeted similarly.
Importance
You might think this is just "contact info". But the information could still be used by scammers for:
- Phishing emails that look real but are not
- Unwanted calls/texts
- Fake messages claiming to be from Stellantis or one of its brands
What Stellantis Has Done
Stellantis said they:
- Activated their emergency response plans
- Began an investigation
- Notified customers who were affected
- Warned people to watch for scam emails/texts
What You Should Do
If you’re a customer of Stellantis, here’s a list of smart actions to take:
1. Be cautious of emails and calls. Do not click links unless you have verified that they are legitimate.
2. Verify any information you receive regarding this incident directly with Stellantis.
3. Change your passwords if you use the same email on other platforms.
4. Monitor your accounts closely for anything unusual.
My Opinion
In my opinion, Stellantis acted quickly and it was a good move to be transparent about it. This is much better than nondisclosure. However, it certainly reaffirms that third-party tools could be vulnerabilities as hackers can ultimately find a "door" in, even if the company itself is secure.