Jewelry giant Pandora has confirmed a data breach following a targeted attack on its Salesforce environment. The breach is part of a larger wave of cyberattacks orchestrated by cybercriminal groups exploiting misconfigured or vulnerable Salesforce customer accounts.
Pandora disclosed the incident in customer notifications sent out on August 5, 2025. While the company emphasized that its core infrastructure was not compromised, attackers were able to access customer data stored in its Salesforce CRM system.
What Data Was Exposed?
According to Pandora, the breach exposed limited personally identifiable information (PII), including:
- Full names
- Birthdates
- Email addresses
The company stated that no passwords, government-issued IDs, or financial details were accessed during the breach.
Despite the relatively narrow scope of the leak, such data can still be used in phishing attacks or identity-based scams. Pandora urged customers to remain vigilant and report suspicious communications.
Part of a Larger Campaign
The attack on Pandora is not an isolated case. It is part of a broader, coordinated campaign that has impacted multiple global brands using Salesforce services. Recent victims include high-profile names such as:
- Chanel
- Adidas
- Qantas
- Allianz Life
- Louis Vuitton
- Tiffany & Co.
- Dior
These incidents are not due to a direct compromise of Salesforce itself. Instead, attackers leverage phishing, social engineering, and malicious OAuth applications to gain unauthorized access to customer-side instances of Salesforce.
Cybercriminal group ShinyHunters has been linked to several of these attacks, using previously stolen credentials or cleverly disguised apps to siphon data from targeted organizations.
Salesforce Responds
Salesforce has confirmed that its platform remains secure. However, the company reiterated the importance of strong client-side security, recommending that all customers:
- Enforce multi-factor authentication (MFA)
- Audit third-party integrations and OAuth permissions
- Limit user access according to least privilege principles
- Monitor for unusual login patterns or large data exports
Salesforce is reportedly working with affected organizations to identify and remediate vulnerabilities in their configurations.
The Bigger Picture
This wave of breaches highlights a recurring issue in cloud and SaaS security: trust-based platforms like Salesforce are only as secure as their customers’ access controls. As businesses continue to adopt cloud-based tools, attackers are increasingly exploiting weak authentication policies and overlooked app permissions.
Security researchers warn that even small data leaks, like email addresses and birthdates, can be weaponized in broader campaigns involving phishing, identity fraud, or account takeovers.
Final Thoughts
The Pandora data breach adds another high-profile name to the growing list of victims in the ongoing Salesforce-targeted attack spree. While the leaked data may seem limited at first glance, it underscores the urgent need for tighter access controls and stronger identity verification across cloud platforms. As the threat landscape evolves, companies must proactively monitor and secure their third-party integrations to avoid becoming the next target.
