Pandora Hit by Data Breach as Salesforce-Targeted Threat Escalates
Pandora, the globally recognized jewelry powerhouse with over 2,700 stores and 37,000+ employees, has officially disclosed a data breach affecting customer information. This breach is part of a wider cyberattack campaign that’s been exploiting vulnerabilities in Salesforce-integrated systems across multiple industries.
What Happened in the Pandora Breach?
In a data breach notification sent to impacted customers, Pandora confirmed that unauthorized access occurred via a third-party platform. Although Pandora didn’t name the platform directly, sources have confirmed that the breach originated from its Salesforce database.
According to the statement, contact details including names, birthdates, and email addresses were stolen. Fortunately, passwords, IDs, and payment information were not accessed. Pandora acted swiftly to shut down the intrusion and has since bolstered its security protocols to prevent further attacks.
“We stopped the access and have further strengthened our security measures,” the notification read.
A Part of a Bigger Attack Campaign
Pandora is not alone. This breach is just one in a string of coordinated cyberattacks targeting companies that use Salesforce. Threat actors have been using phishing and social engineering techniques since at least January 2025 to gain access to sensitive Salesforce accounts.
The attacks typically involve stealing employee credentials or convincing staff to authorize malicious OAuth applications, allowing attackers to download entire databases. Once the data is obtained, the attackers — including the known group ShinyHunters — extort companies for ransom, threatening to leak the data if payments aren’t made.
Other global brands affected in this Salesforce breach wave include Adidas, Qantas, Allianz Life, and luxury giants Louis Vuitton, Dior, and Tiffany & Co.
Salesforce Responds: Not Our Vulnerability
In response to growing concern, Salesforce emphasized that its platform has not been breached and that these incidents result from user-side vulnerabilities, not system flaws. The company urged all clients to:
- Enable multi-factor authentication (MFA)
- Apply the principle of least privilege
- Audit connected applications regularly
Salesforce has published a dedicated blog post with best practices to prevent similar attacks.
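An added example (not from Salesforce or the original article) of the connected-app audit recommended above: it checks a constructed inventory of OAuth grants against an allowlist and flags unapproved apps, broad scopes and recent authorizations. The field names, app names, users and allowlist are assumptions for illustration; full, api and refresh_token are Salesforce OAuth scope names.

```python
from datetime import date

# Scopes that permit bulk data access or long-lived sessions.
BROAD_SCOPES = {"full", "api", "refresh_token"}

# Hypothetical allowlist of connected apps approved by the security team.
APPROVED_APPS = {"Salesforce Mobile", "Marketing Sync"}

# Constructed sample inventory; the field names are assumptions,
# not a Salesforce export format.
GRANTS = [
    {"app": "Salesforce Mobile", "user": "a.jensen",
     "scopes": ["api", "refresh_token"], "authorized": date(2024, 3, 2)},
    {"app": "Marketing Sync", "user": "svc-mkt",
     "scopes": ["full"], "authorized": date(2023, 11, 20)},
    {"app": "My Ticket Portal", "user": "k.olsen",
     "scopes": ["full", "refresh_token"], "authorized": date(2025, 6, 14)},
    {"app": "Report Helper", "user": "k.olsen",
     "scopes": ["id"], "authorized": date(2025, 6, 15)},
]


def audit_grants(grants, approved, today, recent_days=30):
    """Return grants that need review, the ones with most reasons first."""
    findings = []
    for g in grants:
        unapproved = g["app"] not in approved
        broad = sorted(BROAD_SCOPES & set(g["scopes"]))
        reasons = []
        if unapproved:
            reasons.append("app not on allowlist")
        # Least privilege: "full" is flagged even for approved apps.
        if "full" in broad or (unapproved and broad):
            reasons.append("broad scopes: " + ", ".join(broad))
        if unapproved and (today - g["authorized"]).days <= recent_days:
            reasons.append("authorized in last %d days" % recent_days)
        if reasons:
            findings.append({"app": g["app"], "user": g["user"],
                             "reasons": reasons})
    return sorted(findings, key=lambda f: len(f["reasons"]), reverse=True)


if __name__ == "__main__":
    for f in audit_grants(GRANTS, APPROVED_APPS, today=date(2025, 6, 30)):
        print(f["app"], f["user"], "; ".join(f["reasons"]))
```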
Conclusion: Time to Get Serious About SaaS Security
The Pandora breach is a stark reminder that even top-tier brands are vulnerable when SaaS security protocols aren’t airtight. While Salesforce offers robust security tools, the human element — particularly in employee awareness and app authorization — remains a critical weak point. With cyber extortion threats on the rise, organizations must reassess how their cloud platforms are accessed, monitored, and protected. For Pandora’s customers and others affected, the hope is that this breach sparks proactive change across the digital landscape.





