One of the world’s largest jewelry companies, Pandora, has confirmed that its customers’ personal data has been compromised in a global wave of attacks on Salesforce. The attackers accessed customers’ names, email addresses and dates of birth through a third-party platform that Pandora uses to store data.

In a statement to customers, Pandora said the breach was quickly stopped and security measures were being stepped up. No passwords, documents or financial details were reportedly compromised.
Sources including Forbes and BleepingComputer have linked the breach to Salesforce, a cloud-based CRM platform whose customers have been under attack since early 2025. The hackers used social engineering and phishing campaigns to gain access to employee accounts or to get employees to authorize malicious applications. They then downloaded the database and demanded a ransom, threatening to publish the stolen data.
According to journalists, the ShinyHunters group, known for the Snowflake incidents, is involved in the attacks. The group has already admitted that it is privately extorting companies that do not agree to pay. In addition to Pandora, the victims of such attacks include Adidas, Qantas and Allianz Life, as well as the Louis Vuitton, Dior and Tiffany & Co. brands.
Salesforce is one of the most popular cloud services for managing customer bases. The company insists that the platform itself was not compromised and that all leaks are the result of customers not adequately following security measures. In particular, Salesforce urges customers to enable multi-factor authentication (MFA), restrict access rights and carefully vet third-party applications.
Attacks such as OAuth abuse, in which victims grant access permission themselves, are becoming increasingly popular. This increases the importance of continuous staff training and internal cybersecurity audits.
The Pandora incident highlights a new reality in digital security: even large, internationally renowned companies can fall victim to phishing and social engineering if they neglect basic access protection principles. It is important not only to use reliable platforms, but also to work with them correctly.