Four cybersecurity firms hit in Salesforce-Salesloft breach

Proofpoint, SpyCloud, Tanium, and Tenable confirmed their Salesforce data was compromised in the recent UNC6395 attack that exploited the Salesforce-Salesloft Drift integration. The threat actors used compromised OAuth tokens to export large volumes of data from hundreds of organizations, targeting sensitive information like AWS access keys and passwords. The campaign initially appeared limited to Drift users but later expanded to affect over 700 organizations, including Google Workspace customers and major security vendors. The compromised data included customer relationship management fields, support case information, and business contact details, though the affected companies report no evidence of broader system access or data misuse.

Read more:

https://www.securityweek.com/more-cybersecurity-firms-hit-by-salesforce-salesloft-drift-breach/