"Threat actors behind a spate of attacks on Salesloft Drift claim to have stolen over 1.5 billion records, according to reports. Attacks on the third-party application have impacted dozens of organizations globally, with hackers using a combination of social engineering techniques and malicious OAuth tokens to access Salesforce instances and access data. Responsibility for the attacks have been claimed by threat actors from the ShinyHunters, Lapsus$, and Scattered Spider groups, now referring to themselves as Scattered Lapsus$ Hunters."
"Attacks on the third-party application have impacted dozens of organizations globally, with hackers using a combination of social engineering techniques and malicious OAuth tokens to access Salesforce instances and access data. Responsibility for the attacks have been claimed by threat actors from the ShinyHunters, Lapsus$, and Scattered Spider groups, now referring to themselves as Scattered Lapsus$ Hunters."
Threat actors claim to have stolen over 1.5 billion records through attacks on Salesloft Drift. The attacks targeted the third-party application and affected dozens of organizations globally. Hackers used social engineering tactics combined with malicious OAuth tokens to obtain access to Salesforce instances and retrieve data. Responsibility has been claimed by actors associated with ShinyHunters, Lapsus$, and Scattered Spider. Those actors are now referring to themselves as Scattered Lapsus$ Hunters. The incidents underscore vulnerabilities in third-party integrations and the dangers of OAuth token compromise and social engineering within enterprise ecosystems.
Read at IT Pro
Unable to calculate read time
Collection
[
|
...
]