Palo Alto Networks Caught in Salesloft Drift: A Comedy of Errors in Data Breach Drama
Palo Alto Networks, Google, and Zscaler have fallen victim to a supply-chain attack linked to the Salesloft Drift incident. Stolen OAuth tokens allowed attackers to access Salesforce customer data and support cases. Companies are urging credential rotations and enhanced vigilance against phishing, while revoking affected integrations and tokens.

Hot Take:
Looks like Palo Alto Networks and a bunch of others just got front-row seats to the Supply Chain Circus! Grab your popcorn as the Salesloft Drift incident juggles stolen OAuth tokens, Salesforce data, and a whole lot of IT chaos. Who knew cloud computing could get this dramatic? Hold onto your passwords, folks, it’s going to be a bumpy ride!
Key Points:
- Palo Alto Networks fell victim to the Salesloft Drift supply-chain attack, compromising Salesforce data.
- Unit 42 researchers reveal mass data exfiltration and credential scanning by threat actors.
- Salesloft responded by revoking access tokens and notifying impacted customers.
- Other affected companies include Google and Zscaler, which took remedial action.
- Experts advise treating all connected tokens as compromised and rotating credentials.