
"The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. For the past year, the threat actors have been targeting Salesforce customers in data theft attacks using social engineering and malicious OAuth applications to breach Salesforce instances and download data. The stolen data is then used to extort companies into paying a ransom to prevent the data from being publicly leaked."
"Google tracks this activity as UNC6040 and UNC6395. In March, one of the threat actors breached Salesloft's GitHub repository, which contained the private source code for the company. ShinyHunters told BleepingComputer that the threat actors used the TruffleHog security tool to scan the source code for secrets, which resulted in the finding of OAuth tokens for the Salesloft Drift and the Drift Email platforms."
ShinyHunters claims to have stolen over 1.5 billion Salesforce records from 760 companies by using compromised Salesloft Drift OAuth tokens. For about a year, the threat actors have targeted Salesforce customers, using social engineering and malicious OAuth applications to access Salesforce instances and extract data. The stolen records are then used to extort companies, with ransom demands made in exchange for not releasing the data publicly. The threat actors claim affiliation with ShinyHunters, Scattered Spider, and Lapsus$, collectively calling themselves Scattered Lapsus$ Hunters; Google tracks this activity as UNC6040 and UNC6395. In March, attackers breached Salesloft's GitHub repository, scanned the source code with TruffleHog, and discovered OAuth tokens for Salesloft Drift and Drift Email.
Read at DataBreaches.Net