Salesloft Drift breach extends beyond Salesforce to Google Workspace

Google’s threat intelligence team confirmed that the recent Salesloft Drift data theft campaign, initially targeting Salesforce customers between August 8-18, also compromised Google Workspace accounts through stolen OAuth tokens. The attackers, tracked as UNC6395, used compromised “Drift Email” integration tokens to access emails from a small number of Workspace accounts specifically configured with Salesloft integrations on August 9. Google immediately revoked the OAuth tokens and disabled the Workspace integration after discovering the breach, while emphasizing that Google’s own systems remained secure. Security experts now warn that all Salesloft Drift customers should treat any authentication tokens connected to the platform as potentially compromised and revoke all API keys for third-party integrations.

Read more:

https://www.securityweek.com/google-confirms-workspace-accounts-also-hit-in-salesforce-salesloft-drift-data-theft-campaign/