Zscaler’s Supply-Chain Woes: Salesloft Drift Breach Spills Salesforce Secrets
Zscaler experienced a supply-chain attack via the Salesloft Drift breach, which leaked customer information from its Salesforce instance. The breach did not compromise Zscaler’s core infrastructure, but it exposed business contact details. Zscaler has revoked access, rotated API tokens, and reinforced security measures. The company urges vigilance against phishing, despite finding no evidence of data misuse.

Hot Take:
When life gives you lemons, make lemonade! Or in this case, when hackers give you a supply-chain attack, make sure to rotate your OAuth tokens faster than you can say “Salesloft Drift.” In a plot twist that even the most seasoned Netflix writers would envy, Zscaler found itself in a bind, courtesy of a hack targeting Salesloft Drift. The attackers managed to sneak in and grab some Salesforce data, but hey, at least Zscaler’s core infrastructure was left untouched. Who knew OAuth tokens could be the Achilles’ heel of the digital age? Stay vigilant, folks, because phishing attempts are lurking like that one friend who never remembers to take their shoes off at the door.

Key Points:
– Supply-chain breach via Salesloft Drift impacts Zscaler and multiple Salesforce customers.
– Hackers stole OAuth tokens, exposing Salesforce data but sparing Zscaler’s core infrastructure.
– Google and Mandiant confirm broader impact beyond Salesforce, urging token rotation.
– Attackers harvested sensitive credentials from Salesforce instances between Aug 8-18, 2025.
– Salesforce and Salesloft take action, revoking Drift connections and notifying affected users.