Pandora has confirmed a data breach that exposed customer information via a third-party platform, marking the latest in a string of cyberattacks targeting companies using Salesforce.
Quick Summary – TLDR:
- Pandora revealed that customer names, emails, and birthdates were accessed through a third-party breach.
- The breach is linked to ongoing Salesforce-related cyberattacks affecting global brands.
- No passwords, credit card data, or sensitive financial information were compromised.
- Customers are urged to watch for phishing emails impersonating Pandora.
What Happened?
Pandora, one of the world’s largest jewelry brands, confirmed that attackers accessed customer data through a third-party platform. The incident is now believed to be part of a wider wave of cyberattacks linked to Salesforce credential thefts. Pandora assured users that no sensitive data like passwords or financial details were stolen, and says the breach has been contained.
Pandora Confirms Limited Customer Data Exposed
Pandora disclosed the breach through customer emails, confirming that names, email addresses, and in some cases birthdates were accessed. The company emphasized that internal systems were not compromised and that only limited personal information was affected.
“We are writing to inform you that your contact information was accessed by an unauthorized party through a third-party platform we use,” Pandora stated in the breach notification. “We stopped the access and have further strengthened our security measures.”
Pandora did not initially reveal the identity of the platform, but it has since emerged that the breach involved data stored on the company’s Salesforce systems.
Salesforce-Linked Cyberattack Pattern Emerges
This breach appears connected to a wider campaign targeting Salesforce credentials via phishing and social engineering. Threat actors are reportedly using malicious OAuth apps and impersonation tactics to gain access to customer data. Once inside, they exfiltrate information and initiate private ransom negotiations.
The notorious group ShinyHunters has taken responsibility for some of these attacks, including the Pandora breach. They have threatened to leak data from companies that refuse to meet their demands, similar to tactics used in the recent Snowflake data theft campaign.
Other major companies impacted by these Salesforce-related incidents include:
- Adidas
- Qantas
- Allianz Life
- LVMH brands like Louis Vuitton, Dior, and Tiffany & Co.
No Evidence of Data Leak So Far
Pandora assures customers that there is no current evidence of the stolen data being published online or sold on dark web forums. However, the company advises users to stay vigilant:
“We recommend that you pay extra attention to unusual emails and online activities prompting you for your data, as this could be phishing attempts from third parties pretending to be associated with Pandora.”
Pandora says it is working with its supplier to investigate the breach thoroughly and has enhanced its security posture.
Cybersecurity Experts Raise the Alarm
Industry experts warn that this incident reflects a shift in attacker behavior. Instead of launching visible disruptions, hackers are now quietly harvesting data for long-term extortion and fraud.
“Rather than immediate disruption, attackers are quietly harvesting sensitive information to power extortion schemes, identity fraud, and Dark Web trade,” said Darren Williams, CEO of BlackFog. He added that retail ransomware incidents rose 58% in Q2 2025, putting massive pressure on businesses to upgrade their defenses.
Pandora Urges Caution, Salesforce Responds
While Salesforce itself was not breached, the platform confirmed that it continues to see a rise in social engineering threats.
“Salesforce has not been compromised,” the company said to a publication. “Customers play a critical role in keeping their data safe, especially amid a rise in sophisticated phishing and social engineering attacks.”
Salesforce recommends that companies:
- Enable multi-factor authentication
- Limit account permissions
- Audit connected apps regularly
SQ Magazine Takeaway
This Pandora breach shows how even basic personal data, when accessed through trusted third-party systems, can be exploited by sophisticated attackers. I think it is alarming how many companies rely on cloud platforms like Salesforce without enforcing stricter access controls. These kinds of breaches are no longer just IT problems, they are brand and trust issues. If a global brand like Pandora can be targeted this easily, it’s a wake-up call for everyone.
