Zscaler Discloses Data Breach Following Salesforce Instance Compromise

Cybersecurity firm Zscaler has disclosed a data breach affecting customer contact information after unauthorized actors gained access to the company’s Salesforce database through compromised third-party application credentials.

The breach originated from a broader campaign targeting Salesloft Drift, a marketing automation platform that integrates with Salesforce databases to manage leads and customer relationships.

Cybercriminals successfully stole OAuth tokens from Salesloft Drift, granting them unauthorized access to connected Salesforce instances across multiple organizations, including Zscaler.

The cloud security provider emphasized that the incident was confined to its Salesforce environment and did not compromise any of Zscaler’s core products, services, or underlying infrastructure systems that protect thousands of enterprise customers worldwide.

Scope of Data Exposure

According to Zscaler’s investigation, the unauthorized access was limited to business contact information and Salesforce-specific content.

The compromised data included customer names, business email addresses, job titles, phone numbers, regional location details, and Zscaler product ...