They have a huge amount of federal contracts. This will be interesting.
ethan_smith · 3h ago
As a FedRAMP authorized provider, Workday will face mandatory reporting requirements under FISMA and likely need to conduct a formal incident assessment with their federal agency customers within strict timeframes.
dontdoxxme · 4h ago
The company said the breach hit some of its third-party customer relationship databases. If any other data was stolen, Workday didn’t say for sure. The company only said there was “no indication of access to customer tenants or the data” within those databases
So that would be customer data of the admin / HR team at their customers, but not all the users, so while not good, it's not going to directly give really sensitive data; most likely to be used for further phishing attacks.
The real story here is that gizmodo is still a going concern.
ProAm · 3h ago
Please stick to the HN guidelines for posting and not turning this place into Reddit or Twitter
sagarkamat · 1h ago
Great! Can all companies please put this data in their own databases so we don't need to fill the same data for every single company please??
gruez · 4h ago
This seems like a nothingburger? By all accounts it seems like their salesforce database that got breached, which means realistically means contact details for key decision makers that they're trying to sell to (think CEO, CFO, head of HR, etc.). Don't get me wrong, all things being equal I'd prefer the leak to not have happened, but whatever contact info is in the database probably was already semi-public, given some salesperson at workday had to find it to enter it in the first place.
>Then there’s this spicy little detail from TechCrunch: the company’s blog post announcing the breach has a “noindex tag” in the source code, which signals to search engine crawlers not to index the page so it won’t come up in search results.
This is trivially disproven by clicking on an unrelated story[1] and seeing that it also has the <meta name="robots" content="nofollow, noindex"/> tag.
It's not nothing. These 'Salesforce attacks' are due to social engineering, which means that someone at the company is still responsible.
(And of course, Salesforce should be making these attacks harder.)
chupchap · 3h ago
Salesforce does offer granular controls for admins to restrict or allow connected apps, but in a lot of older instances this is not restricted. Partly this is due to lack of awareness of the threat vector, or sometimes because no one cares enough. In the current release I think Salesforce is locking things down by default to avoid this. https://help.salesforce.com/s/articleView?id=release-notes.r...
oracel · 3h ago
Even if the breached data might be insignificant, a constant stream of 'X_Company hacked because of Salesforce' headlines (even if this title is misleading) is pretty bad for $CRM judging from a quick glance at their YTD.
moron4hire · 4h ago
Companies put a lot more than just sales leads into Salesforce. A lot of places treat it as a general purpose, internal application platform. Just knowing it was Salesforce doesn't tell you anything about the scope of the breach.
bombcar · 3h ago
It’s incredibly easy (and powerful) to use SF has the source of truth for all sorts of things, so “it was an SF leak” doesn’t tell you much.
>Then there’s this spicy little detail from TechCrunch: the company’s blog post announcing the breach has a “noindex tag” in the source code, which signals to search engine crawlers not to index the page so it won’t come up in search results.
This is trivially disproven by clicking on an unrelated story[1] and seeing that it also has the <meta name="robots" content="nofollow, noindex"/> tag.
[1] https://blog.workday.com/en-us/our-commitment-to-our-europea...
(And of course, Salesforce should be making these attacks harder.)