More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach

Cybersecurity firms Proofpoint, SpyCloud, Tanium, and Tenable have confirmed that information in their Salesforce instances was compromised as part of the recent Salesforce–Salesloft Drift attack.

The campaign was publicly disclosed on August 26, when Google’s threat intelligence team reported that a threat actor tracked as UNC6395 exported large volumes of data using compromised OAuth tokens for the third-party AI chatbot Salesloft Drift.

The attackers, Google said, exploited the Salesforce-Salesloft Drift integration to steal data pertaining to hundreds of organizations, targeting sensitive information such as AWS access keys, passwords, and Snowflake-related access tokens.

Initially believed to only impact organizations that used the Drift integration, the campaign was later found to have affected other Salesforce customers as well.

On August 28, Google revealed that Workspace customers were affected, and security firms Cloudflare, Palo Alto Networks, and Zscaler disclosed impact as well shortly after.

Overall, the attack is estimated to have ...