#unc6395

[ follow ]
#oauth-token-theft #salesforce #salesforce-breach #unc6040 #supply-chain-attack #salesloft-drift
#salesforce-breach
fromTechRepublic
5 months ago
Information security

'Widespread Data Theft' Impacts Salesforce-Salesloft Drift Users

UNC6395 used compromised Salesloft–Drift OAuth tokens to access Salesforce, extract customer records and credentials via targeted database queries, and export sensitive data.
fromTechzine Global
5 months ago
Information security

Hackers steal customer data from Zscaler via Salesloft leak

Hackers accessed Zscaler's Salesforce via compromised Salesloft Drift, stealing customer personal data, product and support-case information; Zscaler products and internal infrastructure were not affected.
more#salesforce-breach
fromIT Pro
5 months ago

How to check if you've been affected by Salesforce attacks - and stop hackers dead in their tracks

The FBI has issued a FLASH alert over the threat posed to enterprises by threat groups targeting Salesforce environments.
Information security
Information security
fromDataBreaches.Net
5 months ago

FBI Flash Alert: Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion - DataBreaches.Net

Cybercriminal groups UNC6040 and UNC6395 target organizations' Salesforce platforms for data theft and extortion; Indicators of Compromise (IOCs) are provided to aid detection and network defense.
Information security
fromThe Hacker News
5 months ago

FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks

Two distinct cybercriminal groups, UNC6395 and UNC6040, targeted Salesforce platforms to steal data and extort victims using OAuth token compromise and vishing-based access.
Information security
fromIT Pro
5 months ago

Salesloft Drift hackers had access to company GitHub account for months before attacks

Threat actors accessed Salesloft's GitHub for months, exfiltrated secrets and tokens, then used Drift integrations' OAuth tokens to access customer data.
Information security
fromTechCrunch
5 months ago

Salesloft says Drift customer data thefts linked to March GitHub account hack | TechCrunch

A March GitHub breach at Salesloft allowed theft of authentication and OAuth tokens, enabling mass hacks of multiple large tech customers and a supply-chain compromise.
Information security
fromDataBreaches.Net
5 months ago

Salesloft Drift Breach Rolls Up Cloudflare, Palo Alto, Zscaler, and Others - DataBreaches.Net

Supply-chain attacks exploiting a Salesloft/Drift Salesforce OAuth vulnerability compromised customer Salesforce instances at Cloudflare, Palo Alto Networks, Zscaler, SpyCloud, PagerDuty, and hundreds more.
Information security
fromThe Hacker News
5 months ago

Google Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All Integrations

All Salesloft Drift integrations and stored authentication tokens are potentially compromised, enabling attackers to access Salesforce instances and Google Workspace accounts via stolen OAuth tokens.
Information security
fromTheregister
5 months ago

Google links Salesforce data thefts to Salesloft breach

Attackers stole OAuth tokens from the Drift app used by Salesloft to access Salesforce databases and exfiltrate sensitive credentials and customer records.
Information security
fromTechzine Global
5 months ago

Hackers steal Salesforce data via Salesloft integration

Hackers exploited the Salesloft–Drift–Salesforce integration to steal OAuth and refresh tokens, gaining access to customer data including AWS keys and passwords.
Information security
fromThe Hacker News
5 months ago

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

Hackers breached Salesloft to steal Drift OAuth and refresh tokens, enabling exfiltration of Salesforce data and credentials from multiple corporate instances.
[ Load more ]