Hackers steal Salesforce data via Salesloft integration
Hackers exploited the Salesloft–Drift–Salesforce integration to steal OAuth and refresh tokens, gaining access to customer data including AWS keys and passwords.
Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks - DataBreaches.Net
Threat actors stole Drift OAuth and refresh tokens via Salesloft's SalesDrift, pivoting into Salesforce environments to exfiltrate credentials and cloud access keys.