Marc Benioff, founder, chairman, and co-CEO of Salesforce, speaks at an Economic Club of Washington luncheon in Washington on October 18, 2019.
Nicholas Kamm | AFP | Getty Images
Uber said on Monday that he believed a hacking group dubbed Lapsus$ was behind a cyberattack last week and noted that other victims of the group’s attacks this year included Cisco, Nvidia, Okta and Samsung. Microsoft too said that Lapsus$ had accessed one of his accounts.
According to Uber, the attacker likely purchased the password of a company contractor on the dark web after a malware attack, and the contractor accepted a two-factor authentication request. The attacker downloaded Slack messages and posted a note on a Slack channel that “many of you have seen”, the ride-sharing company said.
Hackers often use what is known as social engineering, which involves exploiting trusted people rather than just attacking hardware and software.
“There is no finish line when it comes to security and social engineering,” Benioff said during a press briefing at Salesforce’s Dreamforce conference in San Francisco on Tuesday. “There are things we’re going to have to do to help our customers prevent these kinds of issues.”
Salesforce has had its systems exploited in the past. In 2007, a hacker would have obtained email addresses stored in Salesforce and used them to sue customers of Automatic data processing and other Salesforce customers. And in June, the Heroku unit of Salesforce said a hacker had obtained the account and source code passwords.
“We went through almost every possible situation,” Benioff said. “We have a lot to do in perpetuity, and we’re just going to keep working on it.”
Most of the company’s engineering team works on security and trust, said Bret Taylor, Salesforce’s other co-CEO. Taylor said trust was one of Salesforce’s original values when the company was founded in 1999.