Stellantis Confirms Data Breach Exposing Customer Information

Published 2025-10-06 03:00:52 | cyberguy.com
Data Breach Stellantis Shinyhunters Salesforce Cybersecurity

🎙️ Paranoid Newscast

📄 Download Executive Briefing Pack (PDF)
Automaker Stellantis has confirmed a data breach that compromised customer contact details through a third-party platform. The breach is linked to the ShinyHunters group, which has targeted multiple Salesforce clients this year.

Automotive giant Stellantis has just revealed that it suffered a data breach, exposing customer contact details, after attackers infiltrated a third-party platform used for North American customer services. The announcement comes at a time when large-scale attacks on cloud CRM systems have already shaken tech and retail sectors alike, with Salesforce clients such as Google, Allianz, and Dior reporting similar intrusions. These earlier incidents exposed names, emails, and phone numbers, which were sufficient for attackers to launch phishing campaigns or extortion attempts.

Stellantis was formed in 2021 through the merger of the PSA Group and Fiat Chrysler Automobiles. Today, it ranks among the world’s largest automakers by revenue and is fifth in volume globally. The company houses 14 well-known brands, including Jeep and Dodge, as well as Peugeot, Maserati, and Vauxhall, and operates manufacturing infrastructure across more than 130 countries. That global scale naturally makes it a tempting target for cyber adversaries.

In its public statement, Stellantis clarified that only contact information was taken. Since the compromised third-party platform does not host financial or deeply sensitive personal data, Stellantis asserts that social security numbers, payment details, or health records were out of reach of the attackers. In response, the company activated its incident response protocols, launched a full investigation, contained the breach, notified authorities, and began alerting affected customers. It also issued warnings about phishing and urged customers not to click suspicious links.

While Stellantis has not explicitly named the hacker group behind the breach, multiple sources tie this incident to the ShinyHunters extortion campaign, which has spearheaded a wave of data thefts targeting Salesforce this year. ShinyHunters claims to have stolen over 18 million records from Stellantis’ Salesforce instance, which includes names and contact details, according to Bleeping Computer. These attacks form part of a broader campaign aimed at Salesforce customers.

In recent months, ShinyHunters has often worked in concert with groups like Scattered Spider and targeted companies including Google, Cisco, Adidas, Allianz Life, Qantas, and brands under LVMH such as Dior and Tiffany & Co. Their reported method is fairly ingenious. Attackers exploit OAuth tokens tied to integrations like Salesloft’s Drift AI chat tool to pivot into Salesforce environments. Once inside, they can harvest valuable metadata, credentials, AWS keys, Snowflake tokens, and more. In fact, the FBI recently issued a Flash alert that surfaced numerous indicators of compromise linked to these Salesforce environment attacks and warned organizations to harden defenses. The cumulative toll is staggering. ShinyHunters asserts it has stolen over 1.5 billion Salesforce records across some 760 companies.