Excerpt from BleepingComputer Article, Published on September 3, 2025

Workiva recently confirmed a new data breach impacting its vast customer base, exposing business contact information after attackers penetrated its Salesforce customer relationship management (CRM) system. The security incident, disclosed via private notification, involved threat actors exfiltrating customer names, emails, phone numbers, and some support ticket data. Workiva, a prominent SaaS platform trusted by 85% of Fortune 500 companies, stated the breach was limited to business contact information; platform and client data were not accessed or compromised.

The attack is part of a larger wave targeting Salesforce customers using tactics linked to the ShinyHunters extortion group. The group exploited vulnerabilities associated with third-party integrations, including the use of stolen OAuth tokens, to gain unauthorized access. High-profile companies affected include Cloudflare, Google, Cisco, Allianz, and several major cybersecurity vendors. More recently, ShinyHunters leveraged Salesloft’s Drift AI chat integration to infiltrate Salesforce and extract even more sensitive information from support interactions, such as passwords and access tokens.

Workiva has proactively warned customers to remain wary of phishing attempts and reiterated that no direct client data within its SaaS platform was compromised. The company emphasized vigilance against suspicious communications, clarifying that it would never seek passwords or secure details outside official channels. This targeted warning is critical, as attackers may use the stolen contact details for convincing spear-phishing campaigns, a growing threat highlighted by Workiva and other breached organizations.

For enterprises relying on Workiva, this breach underscores the importance of strong security controls when integrating third-party providers with critical business platforms. The incident also prompts companies to regularly review access to support and CRM systems, especially where sensitive communications or integrations exist.

To delve deeper into this topic, read the original article on BleepingComputer.