Stellantis, the parent company of Jeep and Chrysler, has confirmed a data breach affecting customer contact information, part of a larger trend of Salesforce-related cyberattacks.
Automotive giant Stellantis has confirmed that it has fallen victim to a data breach, which has exposed customer contact details. This incident occurred after attackers infiltrated a third-party platform utilized for North American customer services. The announcement comes amid a series of large-scale attacks on cloud customer relationship management (CRM) systems that have already impacted notable companies, including Google, Cisco, and Adidas.
Earlier breaches have led to the exposure of names, emails, and phone numbers, providing attackers with enough information to initiate phishing campaigns or extortion attempts. Stellantis’s breach is part of a troubling trend affecting Salesforce clients, with companies like Allianz and Dior also reporting similar security incidents.
Stellantis was formed in 2021 through the merger of the PSA Group and Fiat Chrysler Automobiles. It ranks among the world’s largest automakers by revenue and is the fifth largest by volume globally. The company oversees 14 well-known brands, including Jeep, Dodge, Peugeot, Maserati, and Vauxhall, and operates manufacturing facilities in over 130 countries. This extensive global presence makes Stellantis an appealing target for cybercriminals.
In its public statement, Stellantis clarified that only contact information was compromised in the breach. The company emphasized that the third-party platform involved does not store financial or highly sensitive personal data. As a result, Social Security numbers, payment details, and health records were not accessible to the attackers. In response to the breach, Stellantis activated its incident response protocols, initiated a full investigation, contained the breach, notified authorities, and began alerting affected customers. The company also issued warnings about potential phishing attempts and urged customers to avoid clicking on suspicious links.
While Stellantis has not disclosed the number of customers affected by the breach, it has not specified which contact details—such as email addresses, phone numbers, or physical addresses—were accessed by the attackers. Although the company has not named the specific hacker group responsible for the breach, multiple sources have linked this incident to the ShinyHunters extortion campaign. ShinyHunters has been active in a series of data thefts targeting Salesforce this year, claiming to have stolen over 18 million records from Stellantis’s Salesforce instance, which includes names and contact details, according to reports from Bleeping Computer.
The methods employed by attackers in these incidents are notably sophisticated. They exploit OAuth tokens associated with integrations, such as Salesloft’s Drift AI chat tool, to gain access to Salesforce environments. Once inside, they can harvest valuable metadata, credentials, AWS keys, Snowflake tokens, and more. Recently, the FBI issued a Flash alert highlighting numerous indicators of compromise linked to these Salesforce attacks, urging organizations to strengthen their defenses. The cumulative impact of these breaches is staggering, with ShinyHunters claiming to have stolen over 1.5 billion Salesforce records across approximately 760 companies.
Even though only contact details were exposed in the Stellantis breach, this information can be leveraged by attackers for targeted phishing attempts. Basic contact information can be scraped from breaches and sold on data broker platforms, where it is often used for spam, scams, and other malicious activities. To mitigate long-term exposure, individuals are encouraged to consider data removal services that can help track down and request the deletion of their information from these databases.
While no service can guarantee complete removal of personal data from the internet, utilizing a data removal service can be a prudent choice. These services actively monitor and systematically erase personal information from numerous websites, providing peace of mind and reducing the risk of scammers cross-referencing data from breaches with information available on the dark web.
The most immediate risk following a breach like this is targeted phishing. Attackers now possess legitimate contact details, making their emails and texts appear convincingly authentic. Consumers are advised to be skeptical of any messages claiming to be from Stellantis or related services, particularly those that urge recipients to click links, download attachments, or share personal information.
To safeguard against malicious links, it is advisable to have antivirus software installed on all devices. This protection can alert users to phishing emails and ransomware scams, helping to keep personal information and digital assets secure. Additionally, individuals should consider using a password manager to create strong, unique passwords for every account, reducing the risk of credential stuffing attacks.
Furthermore, it is important to check if your email has been exposed in previous breaches. Many password managers include built-in breach scanners that can alert users if their email addresses or passwords have appeared in known leaks. If a match is found, it is crucial to change any reused passwords and secure those accounts with new, unique credentials.
Implementing two-factor authentication (2FA) adds an extra layer of security by requiring a temporary code or approval in addition to a password. This significantly decreases the likelihood of successful account takeover attempts, even if attackers manage to steal a password.
Attackers often combine exposed contact information with other data to create comprehensive identity profiles. Identity theft protection services can monitor for suspicious activities, such as unauthorized credit applications or changes to official records, and alert users early so they can take action before significant damage occurs.
In the wake of this breach, it is advisable for customers to audit their accounts, not only with Stellantis but also with related services such as financing portals, insurance accounts, or loyalty programs. Users should look for unusual sign-ins, unfamiliar devices, or changes to personal details. Most services offer tools to review login history and security events, making this a routine habit.
The vulnerability of even large manufacturing companies highlights the risks associated with cloud platforms and third-party systems in customer workflows. As Stellantis navigates the aftermath of this breach, the broader lesson is clear: organizations must treat the surfaces exposed by their service providers and SaaS integrations with the same vigilance as their core systems.
Source: Original article