Google Links Salesforce Data Thefts to Salesloft Breach

Google links Salesforce data thefts to Salesloft breach

UPDATE: Attackers steal OAuth tokens to access third-party sales platform, then CRM data in 'widespread campaign'

Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent

Google Threat Intelligence Group warned about a “widespread data theft campaign” that compromised hundreds of Salesforce customers over a 10-day span earlier this month.  According to a report published Tuesday, researchers say a threat group Google tracks as UNC6395 stole large volumes of data from Salesforce customer instances by using stolen OAuth tokens from Salesloft Drift, a third-party AI chat agent for sales and leads. Google said the at…

Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks

Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks.

Google Reveals UNC6395’s OAuth Token Theft in Salesforce Breach

UNC6395 exploited stolen OAuth tokens from Salesloft Drift to bypass MFA and steal Salesforce data, Google and Mandiant warn.

Hackers steal Salesforce data via Salesloft integration

Google advises affected organizations to analyze their Salesforce logs and look for specific patterns. What happened?

ShinyHunters Breach Salesloft Integration, Steal Customer Data

In the intricate world of enterprise software, where sales automation platforms like Salesloft promise seamless integrations to boost revenue workflows, a recent cyberattack has exposed the vulnerabilities lurking in third-party connections. Hackers infiltrated Salesloft’s systems, specifically targeting its Drift chat agent integration with Salesforce, to pilfer OAuth and refresh tokens. These digital keys allowed the attackers to pivot into cu…