Over the past few weeks, a string of high-profile data breaches has put enterprise CRM security under the spotlight. Brands like Qantas, Allianz Life, LVMH, and Adidas have all confirmed unauthorized access involving third-party platforms. Most of them reportedly tie back to Salesforce.
To be clear, Salesforce itself wasn’t breached. But the ecosystem around it was. The attackers didn’t need malware or zero-days. They used voice phishing, fake portals, and just enough AI to make it work.
This wave of attacks, linked to the ShinyHunters extortion group, didn’t just target big names. It exposed a growing risk that’s relevant to every enterprise adopting GenAI, SaaS tools, and interconnected systems: complexity without control.
How it happened
According to Google’s Threat Intelligence Group, attackers tracked as UNC6040 (linked to ShinyHunters) called employees pretending to be IT support. They directed them to Salesforce’s connected app setup page and asked them to enter a “connection code” that silently authorized a malicious version of the Salesforce Data Loader.
In some cases, the app was renamed “My Ticket Portal” to make it look official. When that approach failed, the attackers switched tactics. They used phishing pages that mimicked Okta logins to steal credentials and MFA tokens.
This wasn’t an isolated campaign. Around the same time, multiple companies disclosed breaches involving third-party CRM systems. Most didn’t name Salesforce outright, but court documents, media reports, and breach patterns suggest a shared source. These were coordinated, targeted attacks that took advantage of visibility gaps.
The bigger picture: AI is reshaping the attack surface
These breaches weren’t about technical sophistication. They were about timing, social engineering, and automation.
Attackers are using AI to streamline everything from phishing to deepfake-enabled vishing. These tools help them move faster, appear more legitimate, and scale attacks with minimal effort. As AI becomes more accessible, the barrier to launching high-impact attacks continues to drop.
Defenders are also using GenAI to improve detection and response. According to IBM’s 2025 Cost of a Data Breach Report, companies with mature GenAI practices cut breach response times by over 100 days and saved an average of $1.8 million per breach.
But here’s the tradeoff. AI moves fast. And without proper oversight, it can easily move in the wrong direction.
Automation without visibility is a problem
The same report warns about the danger of relying too much on AI without understanding how it works. AI-generated incident summaries and automated remediation plans sound efficient, but when there’s no human review, errors slip through. Context gets missed. Assumptions go unchecked.
Now layer in your real-world environment. Most enterprises are running dozens of connected apps, AI tools, and third-party integrations. Some are managed. Many are not. The result is an expanding attack surface that includes shadow AI usage, over-permissioned OAuth tokens, and forgotten app connections quietly holding onto sensitive access.
In this context, AI is not just a tool. It is an entry point.
What these breaches teach us
- The biggest risks are often hiding in the connections between systems.
- A single OAuth token can open the door to a production environment.
- Automation without context is a faster way to get it wrong.
- AI is now part of your threat landscape, whether you planned for it or not.
These breaches weren’t caused by some new kind of malware. They happened because visibility was lost. Oversight fell through. And small blind spots turned into big problems.
Secure the AI-ridden stack you already have
GenAI and SaaS aren’t going away. They’re going to keep growing, integrating, and reshaping how organizations work. The answer isn’t to slow down. It’s to regain control.
At Wing, we help security teams discover every app, integration, and AI tool in use—whether it’s sanctioned or not. We show you who’s using what, how it’s connected, and where the risks are hiding. From dormant OAuth tokens to rogue AI agents, we help you see the full picture so you can take action before someone else does.
You can’t secure what you can’t see. Wing gives you the visibility and control to do both.