Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: security curmudgeon (jerichoattrition.org)
Date: Thu Nov 08 2007 - 09:16:07 CST
---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>
By Tom Espiner
07 Nov 2007
Salesforce.com is refusing to reveal details of a security breach caused
when one of its employees surrendered their password in a phishing attack
against the company.
Details of Salesforce.com's customers were stolen as a result of the
password being surrended, the CRM services company admitted to customers
But, when contacted by ZDNet.co.uk, the company refused to say whether any
UK customers had been affected, whether any financial damage had occurred,
and whether any disciplinary action had been taken against any employees
as a result of the security incident. It offered no other comment on the
Salesforce.com first noticed a possible security breach when it saw a rise
in phishing attacks directed against customers "a couple of months ago".
Upon investigation, the company found that one of its employees had been
"tricked" into disclosing a password, allowing a customer list to be
stolen, according to Monday's letter, which was sent to customers by
executive vice president of technology Parker Harris.
Dataloss Mailing List (datalossattrition.org)
Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!