Greeting card company and streaming service Hallmark has disclosed a data breach that exposed the personal information of 1.7 million people. The breach was the result of a hack on the company’s Salesforce environment.
ShinyHunters Claims Responsibility
The hack has been attributed to the ShinyHunters group, the same collective responsible for the recent Booking.com data breach. The stolen data includes customer names, email addresses, physical addresses, and phone numbers. The information was published on the ShinyHunters website after Hallmark apparently failed to meet a ransom demand.
Salesforce Environment Breached
Salesforce is a widely used customer relationship management (CRM) platform where companies store customer data. The exact method of the breach has not been disclosed, but it follows a similar pattern to the Odido hack, which also targeted a Salesforce environment. This incident raises questions about the security of Salesforce environments and the responsibility of companies to protect customer data.
Data Added to Have I Been Pwned
The 1.7 million stolen email addresses have been added to the data breach notification service Have I Been Pwned. Customers can use this service to check if their email address has been compromised in this or other data breaches. According to Have I Been Pwned, 82% of the email addresses in this breach were already known from previous incidents, such as the Basic-Fit data breach.
