

Ethical Hacking News

Zscaler Customer Data Compromised in Salesloft Drift Attacks: A Web of Intrigue



Recent attacks on Salesforce databases have exposed sensitive customer data, highlighting the need for robust security measures and continued vigilance against emerging threats. Zscaler has revealed that its customer data was compromised in recent Salesloft Drift attacks, while Google and Workday have also disclosed similar breaches affecting their customers' data.

  • Zscaler's customer data was compromised in a recent Salesloft Drift attack.
  • A group suspected to be ShinyHunters stole OAuth tokens from Salesloft Drift's integration with Salesforce between August 8 and August 18.
  • The stolen information includes names, business email addresses, job titles, phone numbers, regional/location details, Zscaler product licensing and commercial information, and plain text content from certain support cases.
  • Palo Alto Networks' Unit 42 incident responders observed mass exfiltration of sensitive data from various Salesforce objects.
  • The breach highlights the importance of robust security measures to prevent such incidents from occurring.
  • Organizations must remain vigilant and proactive in addressing potential vulnerabilities, particularly with the use of OAuth tokens in third-party applications.



    In a worrisome turn of events, Zscaler, a leading cloud security firm, has revealed that its customer data was compromised in recent Salesloft Drift attacks. This latest incident highlights the growing concern of cybercrime and the ever-evolving landscape of threat actors seeking to exploit vulnerabilities in the digital realm.

    According to sources close to the matter, a group suspected to be ShinyHunters (UNC6395) stole OAuth tokens from Salesloft Drift's integration with Salesforce between August 8 and August 18. This act of cybercrime allowed the data thieves to gain limited access to some Zscaler Salesforce information.

    The stolen information includes names, business email addresses, job titles, phone numbers, regional/location details, Zscaler product licensing and commercial information, and plain text content from certain support cases. Notably, this does NOT include attachments, files, and images.

    Palo Alto Networks' Unit 42 incident responders have observed that the threat actor performed mass exfiltration of sensitive data from various Salesforce objects, including Account, Contact, Case, and Opportunity records. Following exfiltration, the actor appeared to be actively scanning the acquired data for credentials, likely with the intent to facilitate further attacks or expand their access.

    This incident is part of a larger wave of Salesloft Drift breaches affecting multiple companies. Google has also disclosed that some of its customers' data was exposed in similar incidents, while Workday has warned of a CRM breach after social engineers made off with business contact details.

    The Zscaler breach highlights the importance of robust security measures to prevent such incidents from occurring. The company suggests that customers revoke Salesloft Drift access to Zscaler's Salesforce data and rotate other API access tokens to be extra safe.
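
An added example, not code from Zscaler, Unit 42 or the original article: since plain-text support case content was taken and the actor was seen scanning stolen data for credentials, a customer deciding what to rotate can search its own case text for the same kind of material. The case records, field names and patterns below are constructed assumptions.

```python
import re

# Constructed sample support-case text (not real data); "id"/"text" are assumed field names.
CASES = [
    {"id": "CASE-001", "text": "Connector fails after upgrade. Config has api_key=Zx9Qw7Lm2Rt5Vb8Nc4Hd and region us-east."},
    {"id": "CASE-002", "text": "User cannot log in from the Berlin office since Monday."},
    {"id": "CASE-003", "text": "Logs pasted inline: AWS key AKIAABCDEFGHIJKLMNOP, password: Summer2025!x"},
    {"id": "CASE-004", "text": "curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0.c2lnbmF0dXJl' failed"},
]

# Illustrative patterns only; a real review would use a maintained secret-scanning rule set.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"),
    "keyword_assignment": re.compile(
        r"\b(api[_-]?key|secret|token|passw(?:or)?d|pwd)\b\s*[:=]\s*(\S{8,})",
        re.IGNORECASE),
}

def redact(value):
    """Keep only a short prefix and the length so the report never echoes the secret."""
    return f"{value[:4]}...({len(value)} chars)"

def find_secrets(text):
    """Return (pattern_name, redacted_match) pairs for credential-like strings in text."""
    findings = []
    for name, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            # Patterns with capture groups hold the secret in the last group;
            # patterns without groups match the secret as a whole.
            secret = m.group(m.lastindex or 0)
            findings.append((name, redact(secret)))
    return findings

def rotation_worklist(cases):
    """Map case id -> findings, listing only cases that contain something to rotate."""
    worklist = {}
    for case in cases:
        hits = find_secrets(case["text"])
        if hits:
            worklist[case["id"]] = hits
    return worklist

if __name__ == "__main__":
    for case_id, hits in rotation_worklist(CASES).items():
        print(case_id, hits)
```

Every credential the worklist surfaces should be treated as exposed and rotated, alongside the API tokens the advisory already names.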

    As the threat landscape continues to evolve, it is crucial for organizations to stay vigilant and proactive in addressing potential vulnerabilities. With various security frameworks and regulations in place, companies must remain diligent in protecting their sensitive information from falling prey to cybercriminals.

    Moreover, this incident underscores the need for continuous awareness about emerging threats and vulnerabilities. Cybersecurity firms like Zscaler are working tirelessly to provide robust security solutions and monitoring systems to safeguard against such incidents.

    In recent months, there have been numerous high-profile breaches and attacks that have highlighted the vulnerability of even large organizations. The use of OAuth tokens in third-party applications has proven to be a weak link in many cases, allowing attackers to gain unauthorized access to sensitive data.

    As we move forward, it is essential for companies like Zscaler to collaborate with other security firms and governments to share intelligence and best practices for preventing such incidents. By working together, we can create a more secure digital landscape that protects the sensitive information of individuals and organizations alike.

    In conclusion, the recent breach of Zscaler's customer data highlights the growing concern of cybercrime and the need for robust security measures to prevent similar incidents from occurring. As the threat landscape continues to evolve, it is crucial for organizations to stay vigilant and proactive in addressing potential vulnerabilities.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Zscaler-Customer-Data-Compromised-in-Salesloft-Drift-Attacks-A-Web-of-Intrigue-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/09/02/zscaler_customer_data_drift_compromise/


  • Published: Tue Sep 2 20:24:36 2025 by llama3.2 3B Q4_K_M












