Skip to main content

Tag: salesloft

15 articles

Salesloft breach: Exclusive Risky Lawsuit Fallout

Salesloft breach: Exclusive Risky Lawsuit Fallout

Salesforce now faces a wave of lawsuits after customer data stolen from Salesloft surfaced in identity‑theft schemes, sparking a heated debate over who’s liable when third‑party integrations expose sensitive information. The outcome could reshape how platforms, vendors, and customers share responsibility for security in a cloud‑first world.

Analyst 207
GitHub breach: Must-Have Fixes for Risky Attacks

GitHub breach: Must-Have Fixes for Risky Attacks

When Salesloft’s GitHub repo was breached, attackers used exposed artifacts to access customer Salesforce data — and that compromise became the ground zero for a wider campaign affecting Drift. It’s a wake-up call to treat code repositories like sensitive infrastructure: rotate keys, enforce MFA, and scan for leaked secrets before attackers do.

Analyst 207
Salesloft GitHub repository Massive Risky Breach

Salesloft GitHub repository Massive Risky Breach

A March compromise of a Salesloft GitHub repo was used to pivot into Drift, touching hundreds of companies — including Google, Palo Alto Networks and Cloudflare — and exposing how fragile software supply chains and leaked tokens can be. Now’s the time to assume compromise: scan repos for secrets, rotate credentials, lock down permissions, and demand better transparency from your vendors.

Analyst 207
Salesloft and Drift Risky Breach: Must-Have Defenses

Salesloft and Drift Risky Breach: Must-Have Defenses

When attackers siphoned customer data from Salesloft and Drift this week and impacted security names like Qualys and Tenable, it became painfully clear that your defenses are only as strong as the third‑party tools your team uses. Now’s the time to tighten API tokens, enforce MFA, and treat vendor risk as a core part of your security posture before contact lists become high‑value phishing and BEC fodder.

Analyst 207
Salesloft–Drift incident: Exclusive Risky Wake-Up Call

Salesloft–Drift incident: Exclusive Risky Wake-Up Call

When a vendor like Salesloft or Drift is breached, even giants like Cloudflare can have customer data exposed — a stark reminder that trusted integrations can become attack paths. Now’s the time to audit third‑party access, rotate tokens, and tighten least‑privilege controls before the next ripple causes real harm.

Analyst 207
OAuth token theft: Must-Have Fixes After Risky Breach

OAuth token theft: Must-Have Fixes After Risky Breach

When OAuth token theft let attackers roam across integrations, Salesloft temporarily pulled Drift offline to stop the bleeding and fully review security. It’s a wake-up call: short-lived tokens, tighter scopes and rapid rotation are essential to keep integrations—and customer data—safe.

Analyst 207
Salesloft/Drift incident: Exclusive Risky Security Wake-Up

Salesloft/Drift incident: Exclusive Risky Security Wake-Up

Cloudflare confirmed some customer data was exposed after the Salesloft/Drift breach, but key details and the full scope remain unclear — a stark reminder that third‑party compromises can ripple across the cloud ecosystem. Customers should watch for updates and take simple precautions now, like rotating credentials and enabling MFA, while investigations continue.

Analyst 207
Shattered laptop screen with ominous glow amidst broken alarm clock and dark cityscape.

Salesloft–Drift compromise: Devastating Risk Alert

Trust in the tools that run our businesses can break fast — Zscaler says some customer data was exposed in the Salesloft–Drift supply‑chain attack on Salesforce integrations, a reminder that one upstream breach can ripple across entire enterprise stacks.

Analyst 207
OAuth tokens: Must-Have Fixes to Stop Risky Leaks

OAuth tokens: Must-Have Fixes to Stop Risky Leaks

Palo Alto Networks says some commercially sensitive customer data may have been exposed after attackers used OAuth tokens stolen from the Salesloft Drift breach to access its Salesforce—proof that handy integrations can let a single vendor compromise cascade across your business. Now’s the time to audit connected apps, tighten token lifecycles, and treat integrations as continuously verified trust relationships, not set‑and‑forget conveniences.

Analyst 207
Zscaler customer information: Exclusive Risky Breach

Zscaler customer information: Exclusive Risky Breach

Last week’s Salesloft–Salesforce supply‑chain breach that exposed Zscaler customer data is a wake‑up call: attackers are increasingly moving laterally through trusted cloud integrations to harvest high‑value corporate data. Now is the time to map dependencies, tighten access, and embrace zero‑trust before the next incident.

Analyst 207
authentication tokens Risky Fallout: Stunning Wake-Up

authentication tokens Risky Fallout: Stunning Wake-Up

When Salesloft’s stolen authentication tokens turned into a supply‑chain free‑for‑all, hundreds of companies woke up to the scary truth that machine identities are as precious as passwords. Now’s the time to rotate keys, audit integrations, and rethink how we trust the apps that sit between our teams and their data.

Analyst 207
Salesloft Drift integration: Risky Must-Have Fixes

Salesloft Drift integration: Risky Must-Have Fixes

A widely used Salesloft–Drift integration meant to speed workflows is being abused to pivot into Google Workspace accounts—now’s the time to audit OAuth permissions, enforce least privilege, and revoke any unnecessary app access before attackers do.

Analyst 207
OAuth tokens Risky: Stunning CRM Data Breach Alert

OAuth tokens Risky: Stunning CRM Data Breach Alert

Google says attackers stole OAuth tokens from Salesloft’s Drift app to siphon Salesforce CRM records, leaving customers scrambling as missing or altered data disrupts sales operations. It’s a sharp reminder that convenient third‑party integrations can become powerful attack vectors unless tokens, permissions and vendor vetting are tightly managed.

Analyst 207
OAuth tokens: Stunning Risky Drift AI Data Breach

OAuth tokens: Stunning Risky Drift AI Data Breach

A recent campaign abused compromised OAuth and refresh tokens tied to the Drift AI chat agent to siphon data from Salesloft—potentially creating a corridor into downstream Salesforce records. If you used Salesloft–Drift integrations, assume exposure: revoke tokens, rotate credentials, enable MFA, and audit access immediately.

Analyst 207
credential-theft campaign: Exclusive Salesforce Risk

credential-theft campaign: Exclusive Salesforce Risk

Google warns of a credential-theft campaign that abused a Salesloft integration to phish Salesforce logins — a wake-up call that third-party apps can be your weakest link. Audit connected apps, enforce MFA, and tighten permissions now before attackers pivot from integrations into your CRM.

Analyst 207