Cloudflare confirms impact of Salesloft Drift data breach on customers

"Cloudflare confirms that it has been affected by the Salesloft Drift data breach, which has impacted hundreds of organizations worldwide. The incident allowed an external party to access Cloudflare's Salesforce environment, which is used for customer support and internal case management. During the incident, the attackers collected text fields from support cases. In some cases, these contained sensitive information. According to Cloudflare, this mainly concerns customer contact details and basic information about support cases."
"Cloudflare emphasizes that all data shared through this channel should be considered compromised. Cloudflare has therefore urged customers to change their login details if they were ever sent via support tickets.

104 API tokens stolen

Cloudflare's own analysis revealed that 104 customer API tokens had been stolen. Although there is no evidence that these tokens have been misused, they have all been replaced as a precaution. Customers directly affected by this breach have been personally informed."
"The attack was made possible because the attackers gained access to OAuth credentials linked to the integration of the Salesloft Drift chatbot with Salesforce. With these credentials, they were able to exfiltrate data from Salesforce instances of multiple Salesloft customers, including Cloudflare. Research by Cloudforce One, Cloudflare's own threat intelligence team, indicates that this was an advanced supply chain attack targeting third-party integrations."
Cloudflare confirmed exposure of customer support data after attackers accessed its Salesforce environment via the Salesloft Drift breach, affecting hundreds of organizations. Attackers collected text fields from support cases, mainly contact details and basic case information, but some communications may include configuration details, access tokens, or other confidential information shared with the help desk. Cloudflare stated all data from that channel should be considered compromised and urged customers to change login details if ever sent via tickets. Cloudflare's analysis found 104 customer API tokens were stolen and they were replaced as a precaution; affected customers were notified. The attackers used OAuth credentials tied to the Salesloft Drift chatbot integration to exfiltrate data from multiple Salesforce instances, and the activity was classified as an advanced supply-chain attack attributed to a group labeled GRUB1.
Read at Techzine Global