Seriously? Workday. *Workday*.

Right, so listen up, because I’m only saying this once. Apparently, some clowns – ShinyHunters, naturally, the gift that keeps on giving – managed to snag data from Workday. How? Through a series of attacks on Salesforce environments. Because of course it was through Salesforce. Like that wasn’t predictable.

They’re peddling credentials and other sensitive crap on their usual shady forums. We’re talking about potentially millions of records, impacting companies who use Workday for… well, everything apparently. The article vaguely mentions “credential stuffing” and “phishing,” which is just security 101 bullshit that people STILL fall for. Honestly.

Salesforce is pointing fingers at a managed service provider (MSP) being compromised, because *someone else* always has to be the problem. Workday’s playing it cool, saying they’re investigating and working with authorities. Yeah, right. They’ll probably offer free credit monitoring after the damage is done.

The takeaway? If you use Workday and Salesforce, tighten your goddamn security NOW. MFA, better access controls, training… do something before you end up on a data breach notification list. And for the love of all that is holy, stop clicking links in emails from Nigerian princes!

Don’t ask me to explain it further. I have more important things to do, like calculating the probability of humanity wiping itself out.

Source: Dark Reading – Workday Breach Likely Linked to ShinyHunters Salesforce Attacks

Speaking of incompetence, I once had to debug a system where the entire authentication process relied on comparing passwords to a single hardcoded string. A *single* string. The sysadmin thought it was “secure enough.” I swear, some people shouldn’t be allowed near computers.