Automaker giant Stellantis confirms data breach after Salesforce hack

Automotive manufacturing giant Stellantis has confirmed that attackers stole some of its North American customers' data after gaining access to a third-party service provider's platform.

Stellantis is a multinational corporation formed in 2021 after the merger of the PSA Group (Peugeot Société Anonyme) and Fiat Chrysler Automobiles (FCA). Stellantis is currently one of the largest automotive companies globally by revenue and the world's fifth-largest automaker by volume.

The company owns 14 major automotive brands, including Alfa Romeo, Chrysler, Citroën, Dodge, DS Automobiles, Fiat, Jeep, Lancia, Maserati, Opel, Peugeot, Ram, and Vauxhall, and it operates manufacturing facilities across Europe, North America, South America, and other regions, with operations in over 130 countries.

According to a statement published over the weekend, the attackers only stole customer contact information during the breach since the compromised platform was not used to store financial or other sensitive personal information.

"We recently detected unauthorized access to a third-party service provider's platform that supports our North American customer service operations," Stellantis said.

"Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers."

The auto giant also advised customers to be cautious of potential phishing attempts and to refrain from clicking suspicious links or sharing personal information when receiving unexpected emails, texts, or calls.

BleepingComputer reached out to Stellantis with questions about the incident, but a response was not immediately available.

Salesforce data breach claimed by ShinyHunters

Although Stellantis didn't share more information regarding this attack, BleepingComputer has learned that it is part of a recent wave of Salesforce data breaches linked with the ShinyHunters extortion group, which has affected numerous high-profile companies.

Earlier today, ShinyHunters claimed responsibility for the Stellantis data breach and told BleepingComputer that they had stolen over 18 million Salesforce records, including names and contact details, from the company's Salesforce instance.

Since the start of the year, the extortion group has been targeting Salesforce customers in data theft attacks using voice phishing attacks, impacting companies such as Google, Cisco, Qantas, Adidas, Allianz Life, Farmers Insurance, Workday, and LVMH subsidiaries, including Dior, Louis Vuitton, and Tiffany & Co.

ShinyHunters also claims they used stolen OAuth tokens for Salesloft's Drift AI chat integration with Salesforce to steal sensitive information, such as passwords, AWS access keys, and Snowflake tokens, after gaining access to customers' Salesforce instances.

Using this method, they claimed to have stolen customer information from Google, Cloudflare, Zscaler, Tenable, Palo Alto Networks, CyberArk, Nutanix, Qualys, Rubrik, Elastic, BeyondTrust, Proofpoint, JFrog, Cato Networks, and many more.

Last week, the FBI released a Flash alert sharing IOCs discovered during the attacks and warning about threat actors breaching organizations' Salesforce environments to steal data and extort victims. Meanwhile, the extortion group told BleepingComputer that they had stolen over 1.5 billion Salesforce records from 760 companies, using compromised Salesloft Drift OAuth tokens.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Tuesday 23 September 2025 at 12:28 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of August): 4,048

RIP Matrix