We have discovered that at the end of last year our email database – comprising first names, last names, job titles (almost never present) and email addresses – was copied from Salesforce by unknown attackers. If you registered your email address with us at any point, you should assume that these attackers now know your name and email and you should take the usual precautions.
This attack used social engineering (we still don’t know whether manual or automated) to deliver a PDF viral payload that passed the Gmail spam filter and antivirus scan. This virus then infected the browser to bypass security and accessed Salesforce. The Salesforce security team identified the virus as Dyreza malware.
What was stolen?
A file with some of the names and email addresses was exported from our database by the malware.
What wasn’t stolen?
The breach was Salesforce-specific and lead-specific. No payment information, transaction history, confidential customer information or license details were breached.
What are we doing about it?
In a company with such a strong engineering background, we always take security seriously. Our servers and sensitive data are protected by multiple layers of security.
The biggest lesson learned is the usual one – the weakest link in any security operation is people. We need to educate our employees to better understand social engineering and deploy additional security software to protect individual desktops and laptops.
In addition, we will be performing an in-depth security audit for all our internal and external services – to make sure that such incidents can never happen again.
We are really sorry for any inconvenience this may cause you and will work hard to ensure this will never happen again.
CEO of ZeroTurnaround.