Salesloft’s GitHub Oopsie: Data Breach Leaves Salesforce Users in a Tangle
Salesloft revealed a major data theft campaign targeting Salesforce data via the Salesloft Drift app after threat actors compromised a key GitHub account. Using OAuth tokens, they accessed Salesforce instances to exfiltrate secrets. Google Mandiant’s investigation noted the incident is contained, but the number of corporate victims remains uncertain.
Hot Take:
Who knew that GitHub could be a gateway to your Salesforce treasure trove? Next thing you know, your cat’s Instagram will get hacked for its fishy secrets. This is what happens when you try to fish where the sharks swim, folks!
Key Points:
– A GitHub account compromise led to a major data theft campaign targeting Salesforce data via the Salesloft Drift app.
– The cyber heist spanned from March to June 2025, giving threat actors ample time for mischief.
– Key players affected include security bigwigs like Tenable, Qualys, Palo Alto Networks, Cloudflare, and Zscaler.
– Google Mandiant intervened with containment and eradication measures, including code isolation and credential rotation.
– The group behind the attack, potentially ShinyHunters/Scattered Spider, is also suspected of targeting Salesforce with vishing scams.