How one Salesloft account led to a cavalcade of data breaches

"From March to June 2025, a cyber attacker was able to snoop around in Salesloft's GitHub account. This resulted in the theft of tokens that link Drift, Salesloft's sales platform, to Salesforce environments. As a result, large companies fell victim to one data breach after another this summer. As an intruder in Salesloft's GitHub account, the attacker was able to download the contents of various repositories, add a guest user, and set up workflows."
"After a two-month reconnaissance phase, the attacker managed to infiltrate Salesloft Drift's AWS environment. This lateral movement resulted in a significant haul, as OAuth tokens for Drift's customer companies were obtained.

Big fish caught

Thanks to the Drift integrations, the attacker gained access to hundreds of companies. A selection of the affected parties includes Cloudflare, Zscaler, Palo Alto Networks, CyberArk, Rubrik, Nutanix, Ericsson, and JFrog. The real consequences are yet to be seen, as the actual impact differed for each company."
From March to June 2025 an attacker accessed Salesloft's GitHub account and stole tokens that linked Drift to Salesforce. The intruder downloaded repository contents, added a guest user, and created workflows during a reconnaissance period. After two months the attacker moved laterally into Salesloft Drift's AWS environment and exfiltrated OAuth tokens tied to customer companies. The stolen tokens allowed access to hundreds of organizations, including Cloudflare, Zscaler, Palo Alto Networks, CyberArk, Rubrik, Nutanix, Ericsson, and JFrog. The impact varied by victim, ranging from exposed CRM fields and Salesforce Cases to limited service disruptions.
Read at Techzine Global