HR Giant Workday Got Hacked

Workday, a company that provides human resources technology to over 11,000 corporations and 70 million users worldwide, announced in a classic Friday news dump that it suffered a data breach. The company did not disclose how much information was stolen by the hackers, but did reveal that information—including the names, email addresses, and phone numbers—of some users was compromised.

The company said the breach hit some of its third-party customer relationship databases. If any other data was stolen, Workday didn’t say for sure. The company only said there was “no indication of access to customer tenants or the data” within those databases. But now Workday is worried that, while its breach may be limited, it could give rise to other breaches via social engineering attacks.

“The type of information the actor obtained was primarily commonly available business contact information, like names, email addresses, and phone numbers, potentially to further their social engineering scams,” Workday wrote.

It’s interesting to note how little specific information regarding the breach Workday has provided. The company didn’t exactly hide that the breach happened, but it also took a little time before disclosing it. Per Bleeping Computer, the breach occurred on August 6. Then there’s this spicy little detail from TechCrunch: the company’s blog post announcing the breach has a “noindex tag” in the source code, which signals to search engine crawlers not to index the page so it won’t come up in search results.

Maybe that’s all a vaguely understandable decision from a reputation protection standpoint, but it doesn’t exactly scream “We’re doing the best we can to keep our customers informed and safe.”

According to Bleeping Computer, it seems the Workday hack is part of a bigger breach of Salesforce databases, which has caught a string of companies in the crossfire. Companies including Adidas, Google, Qantas Airways, and Cisco have all been hit as part of the attacks on Salesforce Customer Relationship Management systems.

Those attacks have primarily been linked to a hacking group that goes by ShinyHunters, which has reportedly done most of its damage via social engineering and voice phishing attacks. So, it makes sense that Workday is warning its customers about exactly that.

ShinyHunters has become something of a prolific threat in recent years. The extortion group has hit AT&T, stealing 73 million customer records from the telecom giant, and PowerSchool, which compromised the information of millions of students and teachers in the United States and Canada.