Data -Outrition Warning: Work Day confirms personal data stolen; Hackers were able to access names, e -mail and phone numbers

Workday, a major human resource technology provider, confirmed a data offense that led to the theft of personal information from one of its third-party databases. The nature of the offense in a blog post published on Friday revealed that hackers had access to an unspecified amount of data, mainly with contact details such as names, email addresses and phone numbers. Workday did not confirm whether any corporate customer information was affected, and only said that there was “no indication of access to customer tenants or the data in it.” These tenants are usually used by clients to store the bulk of the human resource files and the personal information of employees. Risks of stolen data The company has warned that the stolen information can be exploited in social engineering attacks, in which cyber criminals manipulate or threaten victims to access sensitive data. According to a TechCrunch report, Workday serves over 11,000 corporate customers and supports at least 70 million users worldwide. According to Bleeping Computer, the offense was spotted on August 6. Reportedly, the firm did not disclose the name of the third -party database, but the incident came amid a series of attacks presented on databases in Salesforce. Recent victims include Google, Cisco, the airline Qantas, and jewelry dealer Pandora, all of which have gained data theft of their cloud-based systems. Details of the Google offense have confirmed Google that one of its Salesforce systems used for storing small and medium business contact data was briefly compromised by a cyber mission known as UNC6040, which uses voting or ‘fishing’ to mislead employees to access sensitive tools. The attackers used a social engineering technique, where they personified IT support staff during telephone calls, convincing employees to authorize malicious software linked to their Salesforce area. This allowed the group to access and withdraw basic business contact details, most of which, according to Google, were already publicly available, before the offense was spotted and stopped. The group behind the attack, Unc6040, is best known for the target of Salesforce platforms by abusing instruments such as the ‘Data Loader’ app, a legal application that enables bulk handling. In many cases, the hackers use false versions of this app with misleading names, such as ‘My Ticket Portal’, to avoid detection during the Phishing calls.