Hackers Hijack Salesloft: OAuth Token Heist Unleashes Chaos on Salesforce Data
Hackers targeted Salesloft to swipe OAuth tokens for the Drift AI chat, with UNC6395 making off like digital bandits. Google and Mandiant suggest Salesforce users check their data’s pulse, as AWS keys and Snowflake tokens may have joined the heist. Remember, in the world of data theft, it’s always better to be safe than 503’d.
Hot Take:
Data theft has taken a new twist, with UNC6395 pulling off the digital equivalent of a high-wire act. One minute they’re stealing OAuth tokens, and the next they’re walking the tightrope of Salesforce data exfiltration. Meanwhile, Salesloft and Salesforce are left scrambling like a pair of circus clowns trying to put out a fire with a bucket full of confetti. It’s a real three-ring circus of cybersecurity chaos!
Key Points:
- UNC6395 hacked Salesloft to steal OAuth tokens related to Drift AI chat.
- The campaign targeted Salesforce, exfiltrating data and credentials.
- Google and Mandiant are on the case, urging immediate credential rotation.
- Salesloft revoked Drift-Salesforce connections and alerted affected users.
- Salesloft and Salesforce are demanding admins re-authenticate integrations.
Already a member? Log in here