French luxury fashion house Chanel has become the latest victim in a sophisticated cybercrime campaign targeting major corporations through their Salesforce customer relationship management systems.<\/p>\n
The company confirmed on July 25, 2025, that unauthorized threat actors had breached a database containing personal information of U.S. customers who contacted their client care center.<\/p>\n
The breach exposed limited but sensitive customer data, including names, email addresses, mailing addresses, and phone numbers of individuals who had contacted Chanel\u2019s U.S. client care center.<\/p>\n
Importantly, no financial information, payment data, or internal operational systems were compromised in the attack, according to the WWD report<\/a>.<\/p>\n The Chanel breach represents just one incident in a sweeping cybercrime wave orchestrated by the notorious ShinyHunters extortion group, which has been systematically targeting Salesforce instances across multiple industries since early 2025.<\/p>\n The campaign has affected an unprecedented roster of major brands, including Qantas, Allianz Life<\/a>, LVMH subsidiaries Louis Vuitton<\/a> and Dior<\/a>, Tiffany & Co., and Adidas.<\/p>\n This coordinated assault demonstrates the evolving threat landscape where cybercriminals are increasingly focusing on cloud-based customer relationship management platforms rather than attempting to breach companies\u2019 primary security defenses directly.<\/p>\n The attacks have spanned multiple countries, affecting customers in the United States, the United Kingdom, South Korea, Turkey, Italy, and Sweden.<\/p>\n The ShinyHunters group, tracked by Google\u2019s Threat Intelligence Group as UNC6040, has employed highly sophisticated voice phishing<\/a> (vishing) techniques to compromise Salesforce environments.<\/p>\n The attackers impersonate IT support personnel in convincing telephone calls to employees, typically targeting English-speaking staff at multinational corporations.<\/p>\n During these social engineering<\/a> attacks, victims are manipulated into visiting Salesforce\u2019s connected app setup page and authorizing a malicious version of the legitimate Data Loader application.<\/p>\n The fraudulent app is often rebranded under names like \u201cMy Ticket Portal\u201d to avoid suspicion while granting attackers extensive access to query and exfiltrate sensitive customer data directly from Salesforce environments.<\/p>\n The attack methodology follows a consistent pattern:<\/strong><\/p>\n The campaign has demonstrated particular success against the fashion and luxury goods sector, with multiple LVMH brands falling victim within weeks of each other.<\/p>\n Allianz Life Insurance reported that the July 16 attack affected the majority of its 1.4 million U.S. customers, while Qantas<\/a> disclosed that up to 6 million customer records were potentially compromised.<\/p>\n Chanel has begun directly notifying affected customers and has engaged external cybersecurity specialists to conduct a thorough investigation of the incident.<\/p>\n The company has also reported the breach to relevant law enforcement agencies and data protection authorities as required by applicable regulations.<\/p>\n The post Fashion Giant Chanel Hacked in Wave of Salesforce Attacks<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"Fashion](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEizwRzs9XSHOO-ijWZZ7btjPTSoKGK4TH_GX6QCliopn6iREu-iVn8St87by6Jxp81cC2aAu87E4zQcecOUd0XXXhNOMHhR0BdfWHekgoG4EsmXmGyAJMjqV1C6EKf21rC8Fouxrn5eVS8Co-XWG7FTgveq2jPzuAdIJvvVlqM1wqtQ4Xha2LpDYLszaT3w\/s16000\/shiny%2520hunters%2520.webp?ssl=1\")
\n
Integrate ANY.RUN TI Lookup<\/strong> with your SIEM or SOAR To Analyses Advanced Threats<\/strong> -> Try 50 Free Trial Searches<\/a> <\/strong><\/code><\/p>\n