Chanel Client Data Breached in Widespread ShinyHunters Campaign Targeting Salesforce
The French fashion house Chanel has become the latest victim of an ongoing data compromise campaign targeting users of the Salesforce platform, suffering a breach of personal client information in the United States.
The incident was discovered on July 25, when threat actors gained unauthorized access to a database hosted by a third-party service provider affiliated with the brand. According to Chanel, the breach was limited to clients who had contacted the company’s U.S. customer service center and included names, email addresses, postal information, and phone numbers.
Although no highly sensitive data was exposed, the compromise is part of a far-reaching campaign attributed to the threat group ShinyHunters. In recent weeks, this group has aggressively exploited human vulnerabilities to infiltrate corporate Salesforce accounts. According to Mandiant, the attacks are multi-layered and rely on voice phishing (vishing) techniques, whereby employees are deceived into surrendering credentials or authorizing malicious OAuth applications that subsequently gain access to cloud-based CRM databases.
Once inside Salesforce environments, the attackers exfiltrate confidential data and use it as leverage in extortion attempts, sending direct ransom emails to corporate representatives. Salesforce has confirmed that its platform itself has not been compromised and emphasized that the attacks rely solely on social engineering tactics. The company urges clients to adhere to fundamental security practices, including mandatory multi-factor authentication, strict access controls, and vigilant oversight of third-party app integrations.
While no public data leaks have yet occurred, ShinyHunters are operating with caution, opting for direct negotiations with affected entities. In addition to Chanel, other confirmed victims include Adidas, Qantas, Allianz Life, and luxury brands within the LVMH portfolio—such as Louis Vuitton, Dior, and Tiffany & Co. There is growing concern that the true scope of the attack may exceed publicly acknowledged cases, as several other companies have yet to confirm breaches, and investigations remain ongoing.
This new wave of attacks targeting Salesforce represents one of the most serious emerging threats to major brands that rely on cloud platforms to manage customer engagement. The campaign starkly illustrates how even the most reputable companies can be rendered vulnerable—not by flaws in their systems, but by the fallibility of human behavior.