#unc6395

[ follow ]
#oauth-token-theft #salesforce #supply-chain-attack #unc6040 #salesforce-breach #indicators-of-compromise
Information security
fromDataBreaches.Net
1 day ago

FBI Flash Alert: Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion - DataBreaches.Net

Cybercriminal groups UNC6040 and UNC6395 target organizations' Salesforce platforms for data theft and extortion; Indicators of Compromise (IOCs) are provided to aid detection and network defense.
Information security
fromThe Hacker News
1 day ago

FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks

Two distinct cybercriminal groups, UNC6395 and UNC6040, targeted Salesforce platforms to steal data and extort victims using OAuth token compromise and vishing-based access.
Information security
fromIT Pro
5 days ago

Salesloft Drift hackers had access to company GitHub account for months before attacks

Threat actors accessed Salesloft's GitHub for months, exfiltrated secrets and tokens, then used Drift integrations' OAuth tokens to access customer data.
Information security
fromTechCrunch
5 days ago

Salesloft says Drift customer data thefts linked to March GitHub account hack | TechCrunch

A March GitHub breach at Salesloft allowed theft of authentication and OAuth tokens, enabling mass hacks of multiple large tech customers and a supply-chain compromise.
Information security
fromDataBreaches.Net
1 week ago

Salesloft Drift Breach Rolls Up Cloudflare, Palo Alto, Zscaler, and Others - DataBreaches.Net

Supply-chain attacks exploiting a Salesloft/Drift Salesforce OAuth vulnerability compromised customer Salesforce instances at Cloudflare, Palo Alto Networks, Zscaler, SpyCloud, PagerDuty, and hundreds more.
fromTechzine Global
1 week ago

Hackers steal customer data from Zscaler via Salesloft leak

Following a previous series of victims, Zscaler has also been affected by a hacked Salesforce Drift instance. This resulted in the theft of customer data and information about support cases. Zscaler warns that hackers stole sensitive customer data after gaining access to their Salesforce environment. The stolen data includes customer names, email addresses, job titles, phone numbers, and location data. In addition, product licenses, commercial information, and the content of certain support cases have also been compromised.
Information security
Information security
fromThe Hacker News
2 weeks ago

Google Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All Integrations

All Salesloft Drift integrations and stored authentication tokens are potentially compromised, enabling attackers to access Salesforce instances and Google Workspace accounts via stolen OAuth tokens.
Information security
fromTheregister
2 weeks ago

Google links Salesforce data thefts to Salesloft breach

Attackers stole OAuth tokens from the Drift app used by Salesloft to access Salesforce databases and exfiltrate sensitive credentials and customer records.
Information security
fromTechzine Global
2 weeks ago

Hackers steal Salesforce data via Salesloft integration

Hackers exploited the Salesloft–Drift–Salesforce integration to steal OAuth and refresh tokens, gaining access to customer data including AWS keys and passwords.
Information security
fromThe Hacker News
2 weeks ago

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

Hackers breached Salesloft to steal Drift OAuth and refresh tokens, enabling exfiltration of Salesforce data and credentials from multiple corporate instances.
[ Load more ]