
"Following a previous series of victims, Zscaler has also been affected by a hacked Salesforce Drift instance. This resulted in the theft of customer data and information about support cases. Zscaler warns that hackers stole sensitive customer data after gaining access to their Salesforce environment. The stolen data includes customer names, email addresses, job titles, phone numbers, and location data. In addition, product licenses, commercial information, and the content of certain support cases have also been compromised."
"This integration of an AI chatbot with Salesforce made it possible to steal OAuth and refresh tokens, which criminals used to gain access to company data. "Unauthorized parties gained access to Salesloft Drift credentials from customers, including Zscaler," the company said in a security advisory. After thorough analysis, it appeared that these access rights provided limited insight into Salesforce information. Google Threat Intelligence identified the attackers as UNC6395."
Attackers leveraged a compromised Salesloft Drift integration to obtain OAuth and refresh tokens and access Zscaler's Salesforce environment. Exposed customer data includes names, email addresses, job titles, phone numbers, locations, product licenses, commercial information, and certain support-case contents. Google Threat Intelligence attributed the intrusion to UNC6395, which also targeted AWS keys, passwords, and Snowflake tokens found in support requests. Attackers attempted to erase query tasks, but preserved logs allowed reconstruction. Salesloft's Email service was also compromised. Google and Salesforce temporarily disabled Drift integrations. Zscaler products and internal infrastructure were not impacted.
Read at Techzine Global