Salesloft says Drift customer data thefts linked to March GitHub account hack | TechCrunch
Briefly

"Citing an investigation by Google's incident response unit Mandiant, Salesloft said on its data breach page that the as-yet-unnamed hackers accessed Salesloft's GitHub account and performed reconnaissance activities from March until June, which allowed them to download 'content from multiple repositories, add a guest user and establish workflows.' The timeline raises fresh questions about the company's security posture, including why it took Salesloft some six months to detect the intrusion. Salesloft said that the incident is now 'contained.'"
"After the hackers broke into its GitHub account, the company said the hackers accessed the Amazon Web Services cloud environment of Salesloft's AI and chatbot-powered marketing platform Drift, which allowed them to steal OAuth tokens for Drift's customers. OAuth is a standard that allows users to authorize one app or service to connect to another. By relying on OAuth, Drift can integrate with platforms like Salesforce and others to interact with website visitors."
Salesloft's GitHub account was breached in March, enabling attackers to steal authentication tokens later used in a widespread attack against multiple customers. Google's incident response unit Mandiant found that unnamed threat actors accessed the account and performed reconnaissance from March through June, downloading content from multiple repositories, adding a guest user and establishing workflows. The attackers also accessed the Amazon Web Services environment for Salesloft's Drift platform and stole OAuth tokens for Drift customers, allowing integrations with services like Salesforce to be abused. Affected customers include Bugcrowd, Cloudflare, Google, Proofpoint, Palo Alto Networks and Tenable. Google attributed the supply-chain breach to UNC6395. Salesloft reported the incident as contained.
Read at TechCrunch