Phisher steals Salesforce.com customer list

Customers of Salesforce.com are facing a barrage of phishing emails containing viruses and keyloggers after the company suffered the leak of a customer contact list.

Customers of Salesforce.com are facing a barrage of phishing emails containing viruses and keyloggers after the company suffered the leak of a customer contact list.

The company announced Tuesday in a letter to customers that a contact list was leaked by a Salesforce.com employee who fell for a phishing scam and revealed a password. The phisher accessed and copied the customer list, Parker Harris, Salesforce.com's executive vice president of technology, said in the letter.

Included on the contact list are first and last names, company names, email addresses and telephone numbers of Salesforce.com customers, as well as a variety of data associated with Salesforce.com accounts.

The San Francisco-based company uncovered the leak after it saw an increase in phishing attempts directed at customers in recent months. Salesforce said a small number of customers received fraudulent emails resembling company invoices that attempted to collect additional customer-related information. Harris said that a "very small number" of customers revealed passwords to the phisher.

The leak could have been prevented had Salesforce.com deployed widely available security technologies, such as two-factor authentication, sender ID or DomainKey Identified Mail (DKIM) protocols, according to Dave Jevans, chairman of the Anti-Phishing Working Group (APWG).

"I don't think you can rely solely on user education [to stop phishing attacks]," Jevans told SCMagazineUS.com. "If a guy gets an email that appears to be from IT asking for a password, evidence indicates that 17 percent of employees will fall for it."

Harris said in the letter that the company is working on several fronts to help customers deal with the phishing attacks by monitoring and analyzing logs to ensure rapid response, reinforcing security education and tightening access policies internally.

Salesforce advised customers to activate IP range restrictions, which allow users to access Salesforce only from within their corporate networks or via a VPN. The company will host a webinar today to inform customers of changes in its polices.

Other than making a copy of Harris' letter available, Salesforce.com did not provide SCMagazineUS.com with more information or comment on the leak.

Sign up to our newsletters