International automaker Stellantis has confirmed unauthorized access to a third-party provider's platform that supports customer service in North America. The incident is part of a large-scale campaign against Salesforce instances that has already been linked to Shiny Hunters, the same attackers previously tied to the production outages at Jaguar Land Rover (JLR) factories.

The company said it immediately activated its response procedures, contained the incident and found no compromise of sensitive personal or payment data. According to the company, the access was limited to contact information: customers' names, phone numbers and e-mail addresses. Shiny Hunters, however, told the media that they stole more than 18 million Salesforce records containing contact information. Experts warn that even these "basic" fields are enough for targeted phishing, social engineering and fraud, so customers should expect a wave of spoofed messages and fake "dealer/support" calls.
Stellantis is a conglomerate headquartered in Michigan and the Netherlands that unites 14 brands (including Chrysler, Jeep, Dodge, Ram, Fiat, Opel, Peugeot, Citroën, Maserati and Alfa Romeo). In November 2024, some of the company's American factories were already paralyzed by a cascading failure at the supplier Yanfeng, associated with the exploitation of a zero-day in Citrix (the attack was attributed to LockBit). In parallel, JLR is now in its fourth week of restoring production after an incident also related to Salesforce; according to media reports, the company had not yet taken out cyber insurance and is losing roughly £50 million per week.

Although Stellantis says the leak is limited, contact details alone are sufficient material for large-scale phishing campaigns against car owners and the people around them. Customers should check sender e-mail domains, ignore links that demand they "confirm account/payment", use a password manager without autofill on unfamiliar sites, and contact official support channels. The company and its partners should review access rights in the CRM, enable MFA/SSO, access logging and DLP policies, and communicate transparently, including notifying affected customers.
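The recommendation to review CRM access logs is easier to act on with a concrete check. The following script is an added example, not code from the article or from Stellantis, Salesforce or any vendor: it scans access-log lines for any user whose reads of Contact records within a sliding time window exceed a threshold, which is the kind of bulk-export pattern a mass contact-data theft would leave behind. The log line format, the user names, the 10-minute window and the 100,000-row threshold are all constructed assumptions for illustration and do not correspond to Salesforce's real event-log schema.

```python
"""Added example (not from the article): flag bulk CRM contact reads.

The log format below is a constructed simplification, not any vendor's
real event-log schema: <timestamp> <user> <action> <object> <row_count>.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines. The service account pulls 250,000 Contact
# rows three times in a few minutes; the two human users read a handful.
SAMPLE_LOG = """\
2025-09-20T10:01:00Z alice@example.test QUERY Contact 120
2025-09-20T10:02:30Z bob@example.test QUERY Contact 80
2025-09-20T10:03:00Z svc-integration@example.test QUERY Contact 250000
2025-09-20T10:04:10Z svc-integration@example.test QUERY Contact 250000
2025-09-20T10:05:05Z svc-integration@example.test QUERY Contact 250000
2025-09-20T11:30:00Z alice@example.test QUERY Contact 200
"""


def parse_line(line):
    """Parse one constructed log line into a dict."""
    ts, user, action, obj, count = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "action": action,
        "object": obj,
        "count": int(count),
    }


def flag_bulk_access(log_text, window=timedelta(minutes=10), threshold=100_000):
    """Return {user: peak_rows_in_window} for users whose Contact reads
    inside any sliding window of `window` length exceed `threshold`.

    Both parameters are hypothetical tuning values; in practice they are
    set from a baseline of normal per-user read volume.
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_user = defaultdict(list)
    for e in events:
        if e["action"] == "QUERY" and e["object"] == "Contact":
            by_user[e["user"]].append(e)

    flagged = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0          # left edge of the sliding window
        running = 0        # rows read inside the current window
        for end, e in enumerate(evs):
            running += e["count"]
            # Slide the left edge forward until the window fits.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                running -= evs[start]["count"]
                start += 1
            if running > threshold:
                flagged[user] = max(flagged.get(user, 0), running)
    return flagged


if __name__ == "__main__":
    for user, rows in flag_bulk_access(SAMPLE_LOG).items():
        print(f"ALERT: {user} read {rows} Contact rows within 10 minutes")
```

Run as-is, the script reports only the service account, which read 750,000 Contact rows within the window; the two human users stay under the threshold. The same logic ports to whatever export or API-call events a real CRM emits, and the alert is a natural trigger for the access-rights review and MFA/SSO enforcement the article recommends.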