Workday suffered a data breach

https://gizmodo.com/hr-giant-workday-got-hacked-2000644474
66•avonmach•2h ago

Comments

exabrial•2h ago
They have a huge amount of federal contracts. This will be interesting.
ethan_smith•47m ago
As a FedRAMP authorized provider, Workday will face mandatory reporting requirements under FISMA and likely need to conduct a formal incident assessment with their federal agency customers within strict timeframes.
gruez•2h ago
This seems like a nothingburger? By all accounts it seems like it was their Salesforce database that got breached, which realistically means contact details for key decision makers that they're trying to sell to (think CEO, CFO, head of HR, etc.). Don't get me wrong, all things being equal I'd prefer the leak to not have happened, but whatever contact info is in the database probably was already semi-public, given some salesperson at Workday had to find it to enter it in the first place.

>Then there’s this spicy little detail from TechCrunch: the company’s blog post announcing the breach has a “noindex tag” in the source code, which signals to search engine crawlers not to index the page so it won’t come up in search results.

This is trivially disproven by clicking on an unrelated story[1] and seeing that it also has the <meta name="robots" content="nofollow, noindex"/> tag.

[1] https://blog.workday.com/en-us/our-commitment-to-our-europea...

skybrian•2h ago
It's not nothing. These 'Salesforce attacks' are due to social engineering, which means that someone at the company is still responsible.

(And of course, Salesforce should be making these attacks harder.)

chupchap•1h ago
Salesforce does offer granular controls for admins to restrict or allow connected apps, but in a lot of older instances this is not restricted. Partly this is due to lack of awareness of the threat vector, or sometimes because no one cares enough. In the current release I think Salesforce is locking things down by default to avoid this. https://help.salesforce.com/s/articleView?id=release-notes.r...
moron4hire•1h ago
Companies put a lot more than just sales leads into Salesforce. A lot of places treat it as a general purpose, internal application platform. Just knowing it was Salesforce doesn't tell you anything about the scope of the breach.
bombcar•1h ago
It’s incredibly easy (and powerful) to use SF as the source of truth for all sorts of things, so “it was an SF leak” doesn’t tell you much.
oracel•57m ago
Even if the breached data might be insignificant, a constant stream of 'X_Company hacked because of Salesforce' headlines (even if this title is misleading) is pretty bad for $CRM judging from a quick glance at their YTD.
dontdoxxme•2h ago

    The company said the breach hit some of its third-party customer relationship databases. If any other data was stolen, Workday didn’t say for sure. The company only said there was “no indication of access to customer tenants or the data” within those databases
So that would be customer data of the admin / HR team at their customers, but not all the users, so while not good, it's not going to directly give really sensitive data; most likely to be used for further phishing attacks.
protocolture•1h ago
The real story here is that gizmodo is still a going concern.
ProAm•33m ago
Please stick to the HN guidelines for posting and not turning this place into Reddit or Twitter
xnx•1h ago
Google did a very good writeup on this type of Salesforce phishing attack: https://cloud.google.com/blog/topics/threat-intelligence/voi...
