Salesforce refuses to give in to extortion after SalesLoft data breach
Briefly

"Salesforce has informed customers that it will not pay ransom to hackers threatening to publish stolen customer data. The hack is believed to be linked to a security incident at third-party provider SalesLoft, specifically its Drift app, which is integrated with Salesforce for automated customer communications. According to an internal memo seen by Bloomberg, Salesforce has reliable indications that the hacker group ShinyHunters intends to share stolen information on online forums."
"The cause of the series of data breaches appears to be an error at SalesLoft. From March to June, attackers had access to the company's GitHub account. In doing so, they stole tokens that linked the Drift app to Salesforce environments. From that starting point, the attacker was able to penetrate Drift's AWS environment and obtain OAuth tokens from customer companies."
"Those tokens provided access to data at hundreds of organizations, including Cloudflare, Zscaler, Palo Alto Networks, CyberArk, Rubrik, Nutanix, Ericsson, and JFrog. The impact varied from company to company: for some, it involved CRM fields, for others, support cases, or limited integration data. Researchers from the Google Threat Intelligence Group warned in August about a large-scale campaign targeting Salesforce customers via the Drift app, in which attackers sought login details, passwords, and tokens for database access."
Salesforce informed customers that it will not pay ransom to hackers threatening to publish stolen customer data. The breach was traced to third-party provider SalesLoft's Drift app, not to Salesforce vulnerabilities. Stolen data mainly included customer contact details and basic IT support information, with some cases exposing access tokens and IT configuration details. Attackers accessed SalesLoft's GitHub account from March to June, stealing tokens that linked the Drift app to Salesforce environments and then penetrating Drift's AWS environment to obtain OAuth tokens. Hundreds of organizations were affected, with impacts ranging from CRM fields to support cases and limited integration data. Salesforce is contacting affected customers and offering support.
Read at Techzine Global