#oauth-tokens

[ follow ]
#salesforce #shinyhunters #salesloft #data-breach #drift #gainsight-breach #third-party-breach #gainsight
Information security
fromTheregister
1 week ago

Salesforce flags another third-party security incident

Gainsight-published applications' compromised external connections allowed unauthorized access to some customers' Salesforce data; Salesforce revoked tokens and removed apps from AppExchange.
#salesforce
more#salesforce
fromTechzine Global
2 months ago

How one Salesloft account led to a cavalcade of data breaches

From March to June 2025, a cyber attacker was able to snoop around in Salesloft's GitHub account. This resulted in the theft of tokens that link Drift, Salesloft's sales platform, to Salesforce environments. As a result, large companies fell victim to one data breach after another this summer. As an intruder in Salesloft's GitHub account, the attacker was able to download the contents of various repositories, add a guest user, and set up workflows.
Information security
Information security
fromThe Hacker News
3 months ago

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

Hackers breached Salesloft to steal Drift OAuth and refresh tokens, enabling exfiltration of Salesforce data and credentials from multiple corporate instances.
[ Load more ]