Salesloft Drift Breach: When OAuth Tokens Go Rogue and Integrations Go Haywire!
Google warns that the Salesloft Drift OAuth breach affects all integrations, not just Salesforce. All tokens should be treated as compromised. Attackers accessed a few Google Workspace emails via Drift, but only for accounts specifically integrated with Salesloft. Experts advise reviewing integrations and rotating credentials to manage the broader impact.
Hot Take:
Looks like Salesloft Drift has got some serious explaining to do as their OAuth breach is spreading like wildfire! It’s not just Salesforce feeling the heat, but now every integration is in the hot seat. Google’s giving everyone the side-eye, suggesting we treat those tokens like last week’s leftovers—definitely compromised. Let’s hope Salesloft has a drift correction plan that doesn’t involve a compass and a map!
Key Points:
- Salesloft Drift OAuth breach affects all integrations, not just Salesforce.
- Google advises treating all connected tokens as compromised.
- Attackers used stolen OAuth tokens to access some Google Workspace emails.
- Salesloft and Salesforce are working to revoke tokens and re-authenticate integrations.
- UNC6395 is the threat actor behind the attack, targeting Salesforce through compromised OAuth tokens.