Zscaler customer data also nabbed in Salesloft Drift attacks
""Following a detailed review as part of our ongoing investigation, we have determined that these credentials have allowed limited access to some Zscaler Salesforce information," the cloud security shop's VP and Chief Information Security Officer Sam Curry said in an August 30 blog. The stolen information includes Salesforce-related content including names, business email addresses, job titles, phone numbers, regional/location details, Zscaler product licensing and commercial information, and plain text content from certain support cases although Zscaler noted "this does NOT include attachments, files, and images.""
"The security snafu occurred between August 8 and August 18, during which time a group suspected to be ShinyHunters (UNC6395) stole OAuth tokens from Salesloft Drift's integration with Salesforce. Drift, a third-party application used to automate sales processes, integrates with Salesforce databases to help manage leads and coordinate pitches, and compromising these OAuth security tokens allowed the data thieves to silently steal a ton of Salesforce customer data."
OAuth tokens from Salesloft Drift integrations were stolen between August 8 and August 18, enabling unauthorized access to Salesforce databases. A group suspected to be ShinyHunters (UNC6395) is implicated in the theft. Compromised tokens facilitated mass exfiltration from Account, Contact, Case, and Opportunity records and from commercial and support-case plaintext fields. Affected metadata included names, business emails, job titles, phone numbers, regional details, product licensing, and commercial information. Incident responders observed attackers scanning exfiltrated data for credentials to enable further compromises. Zscaler reported exposed Salesforce data but said attachments, files, and images were not included.
Read at www.theregister.com