Particle.news

Download on the App Store

Pandora Contains Breach Through Third-Party Platform, Tightens Security

The incident highlights a wave of cloud-platform attacks on major retailers exploiting third-party vulnerabilities.

Image
Image
Image
Image

Overview

  • The breach was traced to unauthorized access of a vendor platform connected to Pandora’s Salesforce database, part of a series of cloud-service attacks on retailers this year.
  • Pandora discovered and halted the attack on August 5, strengthening defenses and conducting extensive system checks.
  • Exposed data was confined to customer names, birthdates and email addresses, with no passwords or payment information compromised.
  • Pandora reports no evidence that the stolen records have been published or sold and has launched an investigation into the vendor platform and perpetrators.
  • Security specialists advise customers to enable two-factor authentication and remain vigilant for phishing attempts leveraging the leaked information.