Salesloft GitHub Gaffe: The 2025 Data Heist Affecting Hundreds of Companies!
Threat actors accessed Salesloft’s GitHub account, leading to a Salesforce-Salesloft data breach that impacted hundreds of organizations, including Google Workspace customers. Attackers used compromised OAuth tokens to export data, prompting Salesforce to temporarily disable the integration. Salesloft says the attack was contained, but not without causing a ripple in the cybersecurity world.

Hot Take:
Oh, the tangled web they weave when they practice to thieve! It looks like some sneaky cyber ninjas managed to infiltrate Salesloft’s GitHub account, setting the stage for a grand heist. They used this access to launch a Salesforce-Salesloft data theft campaign that took the cyber world by storm. Clearly, this was a classic case of “GitHub-gone-wild,” leaving a trail of compromised OAuth tokens, AWS keys, and red-faced organizations in its wake. Can’t wait to see the movie adaptation!

Key Points:
– Threat actors accessed Salesloft’s GitHub account and performed reconnaissance between March and June 2025.
– The data breach occurred in August, when the attackers exploited OAuth tokens for the Drift AI chatbot to steal data.
– Hundreds of organizations were affected, with the attackers focused on extracting AWS keys and access tokens.
– Even Google Workspace customers weren’t safe from this cyber fiesta.
– The attack led to temporary disruptions in Salesloft and Drift operations, but it’s all contained now. Or so they say.