Stolen OAuth tokens expose Palo Alto customer data

"Marc Benoit, chief information security officer at PAN, confirmed in a note to clients - seen by The Register - that it was informed on August 25 that the "compromise of a third-party application, Salesloft's Drift, resulted in the access and exfiltration of data stored in our Salesforce environment." It immediately disconnected the third-party application from its Salesforce CRM, he said."
"Benoit said it "further confirmed that the data involved includes primarily customer business contact information, such as names and contact info, company attributes, and basic customer support case information. It is important to note that no tech support files or attachments to any customer support cases were part of the exfiltration.""
"The Unit42 team within PAN are still combing through things, "conducting enhanced, continuous monitoring of our systems and the dark web for any potential exposure or misuse of the exfiltrated data." The breach of the Drift application has led to supply chain attacks at "hundreds" of organizations, including PAN, said Benoit in a blog post. He said the "incident" was "isolated to our CRM platform.""
The compromise of a third-party application, Salesloft's Drift, exposed stolen OAuth credentials that allowed attackers to access Palo Alto Networks' Salesforce environment. Unit42's investigation isolated the incident to the Salesforce CRM and determined that no Palo Alto Networks products, systems, or services were affected. Exfiltrated data primarily consisted of customer business contact information, company attributes, and basic customer support case information, with no tech support files or attachments taken. The Drift connection was disconnected, enhanced continuous monitoring and dark‑web surveillance are underway, and a limited number of potentially affected customers are being contacted. The breach contributed to supply‑chain attacks at hundreds of organizations.
Read at The Register