Trying to understand what's the real damage here. Dates of birth, Email addresses, Loyalty program details, Names, Phone numbers - how is one going to use this data to cause a loss to the data owner? If any security check depends on this data by considering it as a secret, then I guess it's the fault of that security check.

> If any security check depends on this data by considering it as a secret, then I guess it's the fault of that security check.

That is very small solace when you're the victim, regardless of the failures of others. "But you shouldn't be using that data as validation!" is not the first response when, say, you find out someone's opened a credit card in your name with a $20K balance. Or your friends & family get phished (especially with the help of AI) because they know so much about you it had to be you.

https://security.stackexchange.com/a/95070

https://en.wikipedia.org/wiki/Phishing#Spear_phishing

As I mentioned, the real issue is around considering this data as a secret.

Phishing and persecution are real things that happen and can be greatly facilitated by personal details like this.

Just to clarify to the downvoters: I meant "Secret" as in password, not as in "private data". It is private data, but it shouldn't be used as a secret to pass some security check.

Where in the article does it say that the leaked information is used as a secret to pass security checks?

You are attacking a straw man here.

It's inherently a loss of privacy that anyone (given that the dataset is now public) can correlate

> Dates of birth, Email addresses, Loyalty program details, Names, Phone numbers

> In October 2025, data stolen from the Salesforce....

Seems like a Salesforce leak. Not to single out Salesforce here. Could easily be fill in the ____ big corp. When are people going to get that there is no absolute digital security? And at the current state, it is much more secure to NOT have all the data aggregated in one place. Of course this would go against the data mining operation. We should look at this from a perspective that benefits the user in the long term.

Server/relay should be a very thin layer NOT storing any identifiable info about the user except for public keys. All other info should be stored locally where ONLY the user has access to it.

I don't think Salesforce itself was hacked. It says "data stolen from the Salesforce instances of multiple companies".

HIBP links to [1], which links to [2], which says

> The FBI last week warned airlines in the US that the group was targeting the aviation sector. In a post on X, the FBI said the group uses social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access, and bypassing multi-factor authentication.

So it sounds like phishing attacks against the individual airlines. It sounds pretty much the same as [3], which goes into detail of the exact mechanism that phishers can use to steal Salesforce data. It does sound like it is a little bit Salesforce's fault, because Salesforce's UI makes it really easy to grant an attacker access to your database without realizing it. Salesforce needs to improve the permission granting UI so that it's clearer what is going on.

[1] https://www.theguardian.com/business/2025/oct/11/hackers-lea...

[2] https://www.theguardian.com/business/2025/jul/02/qantas-conf...

[3] https://cloud.google.com/blog/topics/threat-intelligence/voi...

There are lots of Salesforce customers getting hacked. [1]

> Insurance giant Allianz Life, Google, fashion conglomerate Kering, the airline Qantas, carmaking giant Stellantis, credit bureau TransUnion, and the employee management platform Workday, among several others, have confirmed their data was stolen in these mass hacks.

Perhaps it's bad security defaults which are in some sense user error, but when it becomes a common pattern then I think the company needs to make systematic fixes.

Compare with many Snowflake customers getting hacked.

[1] https://techcrunch.com/2025/10/03/hacking-group-claims-theft...

Another way to look at it is what's the real damage considering the breach right under Vietnam Airlines already leaked that.

Phishing, scams and social engineering mostly. Such breaches are a gold mine for that.

Scam calls are a lot more credible when rather than starting with "Hello, this is Microsoft calling. There is a problem with your computer." you get a call like:

"Hello Mr. zkmon, this is Mallory from MasterCard. I'm calling to verify a recent, suspicious transaction from your card to Vietnam Airlines on August 6th. We just want to make sure that was you and your card is not being misused. Before we do that can we please quickly verify your identity? I see here in our system that you're born in 1996. Can you please tell me your exact birth date so I can be sure I'm really talking to Mr. zkmon?"

Bonus points when the breach contains what bank you are at so they can pretend to be them.

Also, such data breaches are useful for stalking people or tracking people down with very little information and then doxing them etc. Say all you have is an online username of someone you don't like, so you just search a database of leaks for that string. From there you get an email address and full name. And from there you can continue searching other breaches with those details and using other public sources.

I’ve seen folks get their frequent flyer miles siphoned off. This would be perfect for a phishing attack intended to do that.