Salesforce Data Breach Comedy of Errors: Google Workspace Joins the Fray!
Salesloft Drift has been hit with a data theft campaign, impacting Salesforce and Google Workspace users. The culprits, UNC6395, used compromised OAuth tokens to access sensitive info. Google and Salesloft are now advising users to review integrations and rotate credentials. Rest assured, your cat photos on Google Workspace remain safe.
Hot Take:
In a world where stealing data is a daily chore for cybercriminals, Salesforce customers are learning the hard way that sharing isn’t always caring. The recent data heist targeting Salesloft Drift users has been a wake-up call for organizations everywhere. It’s like the cyber equivalent of realizing you’ve been sharing your Netflix password with your neighbor’s cat. And now, Google Workspace users are finding out that they’ve been invited to this data breach party without even RSVP-ing. Just when you thought your biggest problem was remembering all your passwords, here comes UNC6395 to remind you that your data is never truly safe. Time to lock up those OAuth tokens and throw away the key!
Key Points:
- Cybercriminals targeted Salesforce users via Salesloft Drift, using compromised OAuth tokens.
- The campaign aimed to harvest credentials and access sensitive data like AWS keys and passwords.
- Google Workspace users were also affected, although only those with specific configurations.
- Google and Salesloft are taking steps to revoke compromised tokens and notify affected parties.
- Organizations are advised to review integrations and rotate credentials to mitigate risks.