#oauth-token-theft

[ follow ]
#unc6395 #salesforce #github-compromise #supply-chain-attack #extortion #salesforce-breach #salesloft-drift
fromDataBreaches.Net
1 week ago

ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks - DataBreaches.Net

The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. For the past year, the threat actors have been targeting Salesforce customers in data theft attacks using social engineering and malicious OAuth applications to breach Salesforce instances and download data. The stolen data is then used to extort companies into paying a ransom to prevent the data from being publicly leaked.
Information security
Information security
fromSecurityWeek
1 week ago

FBI Shares IoCs for Recent Salesforce Intrusion Campaigns

Social-engineered vishing and compromised OAuth tokens enabled UNC6040 and UNC6395 to access Salesforce instances, exfiltrate bulk data, and extort over 700 organizations.
#github-compromise
fromIT Pro
2 weeks ago
Information security

Salesloft Drift hackers had access to company GitHub account for months before attacks

fromIT Pro
2 weeks ago
Information security

Salesloft Drift hackers had access to company GitHub account for months before attacks

more#github-compromise
fromTheregister
2 weeks ago

Drift attackers gained entry via a Salesloft GitHub account

The Salesloft Drift breach that compromised "hundreds" of companies including Google, Palo Alto Networks, and Cloudflare, all started with miscreants gaining access to the Salesloft GitHub account in March. This new information comes from a Saturday update into the Mandiant-led investigation - Salesloft hired the incident response firm to determine the root cause and scope of the incident - and a Sunday alert that the integration between Salesloft and Salesforce has now been restored.
Information security
Information security
fromTechCrunch
2 weeks ago

Salesloft says Drift customer data thefts linked to March GitHub account hack | TechCrunch

A March GitHub breach at Salesloft allowed theft of authentication and OAuth tokens, enabling mass hacks of multiple large tech customers and a supply-chain compromise.
#supply-chain-attack
more#supply-chain-attack
Information security
fromIT Pro
3 weeks ago

The Salesloft Drift victim list keeps growing: Zscaler is the latest to confirm a breach, warning customers to remain wary of follow-up phishing attacks

Zscaler experienced a Salesforce data exposure after Salesloft Drift OAuth token theft, allowing limited access to contact details and Salesforce-related commercial information.
Information security
fromThe Hacker News
4 weeks ago

Google Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All Integrations

All Salesloft Drift integrations and stored authentication tokens are potentially compromised, enabling attackers to access Salesforce instances and Google Workspace accounts via stolen OAuth tokens.
Information security
fromTheregister
4 weeks ago

Google links Salesforce data thefts to Salesloft breach

Attackers stole OAuth tokens from the Drift app used by Salesloft to access Salesforce databases and exfiltrate sensitive credentials and customer records.
#salesloft-breach
more#salesloft-breach
[ Load more ]