- Allianz Life was targeted in the ShinyHunters attack campaign
- Heebeenpwned now estimates that 1.1 million Allianz Life customers have been affected
- This campaign has affected a large number of companies
The number of clients affected by the recent violation of Allianz’s life has apparently been confirmed to around 1.1 million customers, Pwned said.
“Allianz attributed the attack to” a social engineering technique “which targeted data on Salesforce and led to the exposure of unique email addresses, names, sexes, birth dates, telephone numbers and physical addresses”, confirms the site.
The insurance company was targeted earlier in 2025, the “majority” of the 1.4 million customers of the company with sensitive data exposed, after intrusion by a Salesforce CRM system based on the cloud, used by the company.
An current campaign
It also seems that this violation is linked to a number of other violations of an ongoing campaign which takes advantage of the Salesforce platform in data theft attacks.
Allianz Life has not confirmed that this violation is part of the wider campaign, but the moment and the similarities of this violation correspond to the other targeted in the shinyhuters’ extortion attacks targeting the customers of Salesforce.
That said, Salesforce denies that their platform has been compromised;
“The Salesforce platform has not been compromised, and this problem is not due to any known vulnerability in our technology,” said a spokesperson Techradar Pro.
“We know how disruptive and stressful these incidents can be, and our teams are fully committed to supporting affected customers and helping any impact. Our blog provides additional context and advice on strengthening security posture against social engineering attacks, including best practices, solid access controls and proactive measures. ”
Among the violations of the ShinyHuanters’ campaign are Google, At & T, Santander and many others.
Since personal information such as email addresses, names, birth dates, physical addresses and telephone numbers have been accessible during violation, the consumers concerned should be sure to take a look at the best protection of identity theft to stay safe.
Protective measures
For all the organizations concerned by the violation, it is important to remember these incidents from social engineering attacks – so the most crucial thing to implement is a rigorous phishing training program and to ensure that employees are confident to identify attempts at social engineering with regular tests.
Apart from that, make sure that you deploy the best termination points protection tools can protect your business and respond to attacks faster.
“Once the attackers have accelerated in third -party platforms like the CRM, they do not only steal data but are preparing for the next move,” explains the director of security (CSO) and information security EVP (CISO) at Thingsrecon, Tim Grieveson.
“Even if only” basic “details such as corporate names and contact details are taken, these assets are rich fuel for phishing, identity and identity and exploitation of supply chains. Cascade repercussions, and companies must stop thinking about external tools like someone else’s problem. If your customer data live there, the same goes for your risk.
