Phishing scam taps Salesforce data

Salesforce.com has admitted that its customer database has been breached after a member of its staff fell for a phishing scam.

"A Salesforce.com employee had been the victim of a phishing scam that allowed a customer contact list to be copied," said a letter from the company.

Salesforce.com, which has almost one million subscribers, admitted that the stolen data included first and last names, company names, email addresses, telephone numbers and related admin data.

The letter told customers to be aware that they were likely to be targeted by further attacks, including viruses and key-logging software, and asked them to be vigilant against bogus invoices that appear to come from the company.

"Unfortunately, one of the company's employees appears to have fallen for the phishing emails and inadvertently handed over access to the firm's customer database," said Geoff Sweeney, chief technology officer at behavioural analysis company Tier-3.

"As if that wasn't bad enough, Salesforce.com has reportedly tracked a second wave of forged emails that contain malware.

"The fact that the emails are addressed to specific customers and purport to come from Salesforce.com means that the chances of a customer's PC being infected are quite high."