Another Salesloft Drift-related breach has been disclosed. Seucrity Affairs reports:
Zscaler discloses a data breach that is linked to the recent Salesloft Drift attack. The cybersecurity vendor confirmed it was affected by a campaign targeting Salesloft Drift, a marketing SaaS integrated with Salesforce. Threat actors stole OAuth tokens from the company, the incident impacted multiple Salesforce customers, including Zscaler. Attackers gained unauthorized access to Drift credentials, allowing limited visibility into some of Zscaler’s Salesforce information. The company pointed out that its products, services, and core infrastructure were not compromised.
“As part of this campaign, unauthorized actors gained access to Salesloft Drift credentials of its customers including Zscaler. Following a detailed review as part of our ongoing investigation, we have determined that these credentials have allowed limited access to some Zscaler’s Salesforce information.” reads the advisory published by Zscaler. “After extensive investigation, Zscaler has currently found no evidence to suggest misuse of this information.”
The information exposed in the incident are the commonly available business contact details for points of contact and specific Salesforce related content, including: Names, Business email addresses, Job titles, Phone numbers, Regional/location details, Zscaler product licensing and commercial information, content from certain support cases.
Zscaler confirmed it has revoked Drift’s Salesforce access, rotated API tokens, launched a joint investigation with Salesforce, added safeguards, reviewed third-party vendors, and reinforced customer support authentication to reduce phishing risks.
Read more at Security Affairs.
