Automotive giant Stellantis, the world’s fifth-largest automaker, has confirmed a data breach affecting its North American customers after attackers compromised a third-party service provider’s platform. While no financial data was exposed, the company acknowledged that customer contact details were stolen, prompting advisories to remain vigilant against phishing attempts.
According to BleepingComputer, the breach is part of a sweeping campaign by the notorious cyber-extortion group ShinyHunters, who claim to have stolen over 18 million Stellantis records and more than 1.5 billion Salesforce records across 760 companies worldwide. Their attack methods include exploiting stolen OAuth tokens from a Salesloft Drift integration, as well as voice phishing to capture credentials. High-profile targets have included Google, Cisco, Cloudflare, Palo Alto Networks, Adidas, Allianz Life, and Farmers Insurance.
The FBI has issued an alert warning that ShinyHunters is actively breaching Salesforce environments to steal customer data and extort victims. For Stellantis, the primary concern is not financial fraud but the risk of highly targeted phishing and social engineering attacks, made possible by the exposure of verified customer names and contact details.
Stellantis has activated its incident response protocols, notified authorities, and informed affected customers, but the scale of this campaign highlights the systemic risk posed by third-party platforms and the growing vulnerability of enterprise SaaS ecosystems. This episode unpacks how ShinyHunters pulled off the breach, what it means for Stellantis customers, and why Salesforce-linked compromises are becoming a global cybersecurity crisis.
#Stellantis #databreach #ShinyHunters #Salesforce #cybersecurity #FBIalert #OAuth #phishing #extortion #cybercrime #SOC #incidentresponse
