
"The Biden administration considered spyware used to hack phones controversial enough that it was tightly restricted for US government use in an executive order signed in March 2024. In Trump's no-holds-barred effort to empower his deportation force - already by far the most well-funded law enforcement agency in the US government - that's about to change, and the result could be a powerful new form of domestic surveillance."
"Google's security researchers revealed the breach at the end of August. 'The actor systematically exported large volumes of data from numerous corporate Salesforce instances,' Google wrote in a blog post, pointing out that the hackers were looking for passwords and other credentials contained in the data. More than 700 companies may have been impacted, with Google later saying it had seen Drift's email integration being abused."
"The company said the security issue is linked to Drift's integration with Salesforce. Between August 8 and August 18, hackers used compromised OAuth tokens associated with Drift to steal data from accounts. On August 28, Salesloft paused its Salesforce-Salesloft integration as it investigated the security issues; then on September 2 it said, 'Drift will be temporarily taken offline in the very near future' so it can 'build additional resiliency and security in the system.'"
Compromised OAuth tokens tied to Drift, an AI chatbot integrated with Salesforce, enabled an actor to systematically export large volumes of corporate Salesforce data between August 8 and August 18. The actor targeted credentials and passwords and abused email integrations, potentially impacting more than 700 companies, including Cloudflare, Palo Alto Networks, Spycloud, and Zscaler. Salesloft paused its Salesforce integration on August 28 and later announced Drift would be taken offline temporarily to build resiliency and security. Google's security researchers revealed the breach. Separately, spyware used to hack phones was tightly restricted for US government use by an executive order in March 2024.
Read at WIRED