Cybersecurity Breach: ShinyHunters Exploit Salesloft Drift, Stealing Data from 700+ Companies
Cybersecurity firm Zscaler has confirmed a data breach in which an attacker obtained customer business contact details and other content from its Salesforce instance. The incident, attributed by the attackers themselves to the group ShinyHunters, reached numerous corporate Salesforce instances through a single third-party integration: the Salesloft Drift AI chat agent, which holds OAuth access to each customer's Salesforce tenant.
The attackers' primary goal appears to be harvesting further secrets and tokens from the stolen data in order to pivot into other victim environments. Salesloft, the company behind the Drift platform, has confirmed that a threat actor used stolen OAuth tokens to exfiltrate data from its customers' Salesforce instances. In response, Salesloft took the Drift platform offline and paused the Salesforce-Salesloft integration for the duration of the investigation.
Palo Alto Networks has also confirmed it was affected, disconnecting the Salesloft application from its Salesforce environment while it investigates. ShinyHunters claimed responsibility for the attacks on Salesforce customer organizations, carried out with OAuth tokens stolen from Salesloft's Drift integration. Cloudflare's investigation found that the attacker accessed customer contact information, support ticket contents, and API tokens, and exported large volumes of case data in bulk, then mined it for credentials that customers had pasted into tickets, such as AWS access keys and Snowflake tokens. The practical consequence is that any secret ever shared in a support case to an affected vendor should be treated as compromised and rotated, and the Drift connected app's tokens should be revoked rather than merely paused.
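The following Python script is an added example, not part of the original article and not tooling from Cloudflare, Salesloft or Salesforce. It triages exported Salesforce case text for the kinds of pasted secrets described above (AWS access key IDs and secret keys, Snowflake credentials, generic password assignments) so a responder can decide what to rotate. The sample cases are constructed, the standard `Subject`/`Description` field names are assumed, and the keyword-proximity rule for Snowflake is an assumption because Snowflake tokens have no fixed prefix.

```python
"""Triage exported Salesforce case text for pasted credentials.

Added example (assumption-based, not vendor code). Input is a list of dicts
with the standard Case fields "Id", "Subject" and "Description"; adjust
text_fields for custom objects.
"""
import re
from dataclasses import dataclass

# Ordered from high confidence (fixed structure) to contextual.
PATTERNS = {
    # AWS access key IDs: fixed prefix (ASIA = temporary creds) + 16 chars.
    "aws_access_key_id": re.compile(
        r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
    # 40-char secret immediately after an aws_secret_access_key assignment.
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"),
    # Assumption: a token/password assigned on a line that mentions Snowflake.
    "snowflake_credential": re.compile(
        r"(?i)snowflake[^\n]{0,80}?(?:token|password|pat)\s*[=:]\s*(\S{8,})"),
    # Generic password assignments; lowest confidence, review manually.
    "password_assignment": re.compile(r"(?i)\bpassword\s*[=:]\s*(\S{8,})"),
}


@dataclass(frozen=True)
class Finding:
    case_id: str
    kind: str
    masked: str   # first 4 chars only; never write the full secret to a log
    start: int
    end: int


def mask(secret: str) -> str:
    return secret[:4] + "*" * (len(secret) - 4)


def scan_text(case_id: str, text: str) -> list[Finding]:
    """Run every pattern over one text field, keeping the first (most
    confident) match for any given span so one secret is reported once."""
    findings: list[Finding] = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            group = m.lastindex or 0          # secret is group 1 if present
            start, end = m.span(group)
            if any(f.start < end and start < f.end for f in findings):
                continue                       # already claimed by a higher-confidence rule
            findings.append(Finding(case_id, kind, mask(m.group(group)), start, end))
    return findings


def scan_cases(cases, text_fields=("Subject", "Description")) -> list[Finding]:
    out: list[Finding] = []
    for case in cases:
        for field in text_fields:
            text = case.get(field)
            if text:
                out.extend(scan_text(case["Id"], text))
    return out


def summarize(findings) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample export; the AWS values are the public documentation
# placeholders, the Snowflake password is invented.
SAMPLE_CASES = [
    {"Id": "500Ab000001", "Subject": "Deploy failing",
     "Description": "Our pipeline fails with AccessDenied. Credentials in use:\n"
                    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
                    "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"},
    {"Id": "500Ab000002", "Subject": "Shared table not visible",
     "Description": "Snowflake reader account xy12345, password=Sn0wfl@ke-prod-2024 "
                    "cannot see the shared table."},
    {"Id": "500Ab000003", "Subject": "500 after upgrade",
     "Description": "Login page returns 500 after upgrade; no credentials attached."},
]

if __name__ == "__main__":
    found = scan_cases(SAMPLE_CASES)
    for f in found:
        print(f"{f.case_id}: {f.kind} {f.masked}")
    print(summarize(found))
```

Run it over a real export and the summary tells you which credential families need rotation first; the masked values let you match a finding back to a key in your secrets inventory without copying the secret into yet another system.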
More than 700 companies may have been affected, with Cloudflare, Zscaler, and Palo Alto Networks confirming that they were among them. Several large technology companies have confirmed that customer data was stolen in this wide-ranging theft, all of it flowing through one widely used third-party integration. The incident is a reminder that an integration holding long-lived OAuth tokens inherits the full data access of every tenant that authorized it, so those grants need the same inventory, scoping and revocation discipline as user accounts, and support tickets need to be treated as a place where customers will paste secrets whether or not policy allows it.