Salesloft Drift Drama: How a GitHub Oopsie Led to Salesforce Data Dilemma!
Salesloft recently confirmed that the breach involving its Drift application has been contained, with customer protections in place. Attackers accessed a GitHub account, but the core Salesloft environment remained secure. The breach was part of a larger campaign targeting Salesforce integrations. Mandiant continues to ensure the integrity of all environments.
Hot Take:
Who knew that the humble Drift application could cause such a ruckus in the vast Salesforce universe? It’s like finding out your quiet neighbor has been hosting underground raves. But fear not, the bouncers (aka Mandiant) have kicked out the troublemakers and beefed up security, ensuring the neighborhood is safe once again.
Key Points:
- Salesloft’s GitHub account was compromised, leading to a breach via the Drift application.
- Mandiant was called in to investigate the breach and the situation is now under control.
- Attackers used compromised OAuth tokens to access Salesforce customer data.
- The incident affected multiple companies, implicating a coordinated Salesforce integration attack.
- Suspected threat actors UNC6395 and Scattered Lapsus$ Hunters are linked to the breach.
Already a member? Log in here