Cybersecurity company Zscaler has disclosed that it suffered a data breach after threat actors gained access to its Salesforce instance and stole customer information, including the contents of support cases. Bleeping Computer reports:
This warning follows the compromise of Salesloft Drift, an AI chat agent that integrates with Salesforce, in which attackers stole OAuth and refresh tokens, enabling them to gain access to customer Salesforce environments and exfiltrate sensitive data.
In an advisory, Zscaler says that its Salesforce instance was impacted by this supply-chain attack, exposing customers’ information.
“As part of this campaign, unauthorized actors gained access to Salesloft Drift credentials of its customers including Zscaler,” reads Zscaler’s advisory.
Read more at Bleeping Computer.
