Salesloft: March GitHub Repo Breach Led to Salesforce Data Theft Attacks

Salesloft Drift security incident started with undetected GitHub access

Salesloft pinned the root cause of the Drift supply-chain attacks to a threat group gaining access to its GitHub account as far back as March, the company said in an update Saturday.  During a 10-day period in mid-August, the threat group compromised and stole data from hundreds of organizations.  The threat group, which Google tracks as UNC6395, spent time lurking in the Salesloft application environment, downloaded content from multiple reposi…

Salesloft: March GitHub repo breach led to Salesforce data theft attacks

Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August. [...]

GitHub Breach Exposed 700+ Companies in Months-Long Attack

Cybersecurity investigators say a massive supply-chain attack affecting over 700 companies began with a seemingly minor GitHub breach earlier this year. Salesloft first disclosed a security issue in the Drift application on Aug. 21, then shared more details about malicious OAuth token abuse five days later. According to an investigation by Mandiant, which is aiding Salesloft, the threat actors first gained access to its GitHub environment betwee…

Salesloft Drift hackers had access to company GitHub account for months before attacks

Hackers behind the Salesloft Drift breach had access to the company’s GitHub account for several months before waging a flurry of attacks, the company has revealed.