Google warns that mass data theft hitting Salesloft AI agent has grown bigger
Briefly

Google advised Salesloft Drift users to treat all authentication tokens connected to the platform as potentially compromised after unknown attackers used some credentials to access Google Workspace email. Google revoked the tokens implicated in the breaches, disabled the Salesloft Drift integration with all Workspace accounts, and notified affected account holders. The Google Threat Intelligence Group found the breach impacts integrations beyond Salesforce, prompting a broader warning. Salesloft's public security guidance continued to reference only Salesforce integrations, and Salesloft did not immediately confirm Google's expanded assessment.
Google is advising users of the Salesloft Drift AI chat agent to consider all security tokens connected to the platform compromised following the discovery that unknown attackers used some of the credentials to access email from Google Workspace accounts. In response, Google has revoked the tokens that were used in the breaches and disabled integration between the Salesloft Drift agent and all Workspace accounts as it investigates further. The company has also notified all affected account holders of the compromise.
The compromise of the Workspace accounts prompted Google to change that assessment. "Based on new information identified by GTIG, the scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations," Thursday's update stated. "We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised."
Read at Ars Technica
[
|
]