Sergiu Gatlan reports:
Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack that targeted a company representative.
After becoming aware of the incident on July 24th, the networking equipment giant discovered that the attacker tricked an employee and gained access to a third-party cloud-based Customer Relationship Management (CRM) system used by Cisco.
This allowed the threat actor to steal the personal and user information of individuals with Cisco.com user accounts, including names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata such as creation dates.
Read more at BleepingComputer. As Gatlan notes, although not confirmed at this time, this may well be another Salesforce-related attack. The Salesforce campaign has been attributed to ShinyHunters.