Salesforce Shake-Up: Salesloft Drift Attack Spreads Like Wildfire!
Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is broader than initially thought, affecting all integrations. It advises treating all authentication tokens connected to the Drift platform as potentially compromised. Google urges users to review integrations, revoke credentials, and check for unauthorized access.
Hot Take:
In a shocking turn of events, it turns out that OAuth tokens have the same level of security as a toddler guarding a cookie jar. Google and Salesloft are in a frenzy, trying to put Humpty Dumpty back together again, while Salesforce is playing the ‘better safe than sorry’ card by disabling integrations faster than you can say ‘data breach’. It appears the only thing not compromised here is the actors’ anonymity, though we suspect they’re probably just a band of tech-savvy raccoons. Watch out, because the cybersecurity Wild West just got wilder!
Key Points:
- Google warns that all Salesloft Drift integrations are potentially compromised.
- OAuth tokens were stolen, granting access to specific Google Workspace email accounts.
- Salesforce temporarily disabled Drift integrations with Salesforce, Slack, and Pardot.
- Google urges a review and rotation of credentials for all third-party integrations.
- The threat cluster behind the attack is identified as UNC6395.