1.5 billion Salesforce records stolen according to ShinyHunters
Briefly

"ShinyHunters claims to have stolen more than 1.5 billion Salesforce records. According to the group, 760 companies were affected via compromised OAuth tokens from Salesloft Drift. This was reported by BleepingComputer. The attacks are said to have been going on for a year. The criminals targeted Salesforce customers through social engineering and malicious applications that gained access via OAuth. Once they were able to penetrate a Salesforce environment, data was downloaded."
"A previous breach at Salesloft played an important role in this. In March, the company's GitHub repository, containing the private source code, was accessed. Using the security tool TruffleHog, the attackers were able to track down OAuth tokens for Drift and Drift Email, which were later used to gain access to Salesforce environments. Google's Mandiant research department reports that the ShinyHunters attackers carefully searched the stolen material for login credentials, access tokens, and other secrets that could be used to penetrate additional systems."
ShinyHunters claims to have stolen more than 1.5 billion Salesforce records using compromised OAuth tokens tied to Salesloft Drift, affecting 760 companies. The attackers used social engineering and malicious applications to gain OAuth access, then downloaded data from the Salesforce environments they had penetrated. Exfiltrated records include accounts, contacts, cases, opportunities, and users, with a large portion coming from Case tables containing customer support ticket information. A March breach of Salesloft's GitHub repository exposed private source code, which the attackers scanned with TruffleHog to find OAuth tokens for Drift and Drift Email that were later used to access Salesforce environments. Mandiant observed the attackers searching stolen material for credentials, access tokens, AWS keys, and Snowflake tokens. The campaign targeted prominent tech firms and prompted an FBI warning.
Read at Techzine Global