"On August 23rd, PowerSchool was notified that we were affected by a security incident involving the Drift app, published by Salesloft. As a result of this incident, a threat actor gained unauthorized access to the Salesforce database, which we use for customer support and internal case management. This database contains customer contact information, support case metadata, and the contents of support case communications."
"At this time, we have no evidence that any PowerSchool infrastructure or production systems outside of Salesforce were affected by this incident; all other products and systems appear to remain fully secure and uncompromised. The main motivation for the attacker appears to have been to steal credentials, per published information on the incident by Salesloft. If you suspect that your organization may have included credentials in a support case, we recommend that you review your support cases and change any credentials you find."
"As a security best practice, do not send credentials to PowerSchool or any other vendor in a support case. We are committed to transparency and will continue to provide updates as we receive any new information. If you have questions or need assistance, please reach out to your Customer Success Manager or Support contact directly. - PowerSchool Security Team"
On August 23rd PowerSchool notified customers that a security incident involving the Drift app published by Salesloft allowed a threat actor to gain unauthorized access to the Salesforce database used for customer support and internal case management. The compromised database contained customer contact information, support case metadata, and support case communications. PowerSchool reported no evidence that infrastructure or production systems outside Salesforce were affected and indicated other products remain secure. Salesloft reported the attacker likely sought credentials; affected organizations are advised to review support cases and change any credentials. PowerSchool advised against sending credentials in support cases and promised ongoing updates, but the notice was later removed from a closed user group and customers report difficulty obtaining responses.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]