- The list of victims of the Salesloft/Drift attack keeps growing
- Palo Alto Networks confirmed crooks stole sensitive information
- The company is notifying affected customers
The Salesloft Drift incident is quickly turning into the next MOVEit MFT fiasco, as yet another company confirms losing sensitive data in the third-party attack. This time around, it is the American multinational cybersecurity company Palo Alto Networks that confirmed losing customer data and support cases information in the breach.
It all began with the sales engagement platform Salesloft. It uses Drift, a conversational marketing and sales platform with live chat, chatbots, and AI, to engage visitors in real time. Working alongside it is SalesDrift, a third-party platform linking Drift’s AI chat functionality to Salesforce, syncing conversations, leads, and cases, into the CRM via the Salesloft ecosystem.
In early August this year, adversaries managed to steal OAuth and refresh tokens from SalesDrift, pivoting to customer environments, and successfully exfiltrating sensitive data. The theft lasted for 10 days, during which the attackers stole information from different companies, including Zscaler, and Cloudflare.
Hundreds of victims
In a statement shared with BleepingComputer, Palo Alto Networks said it was one of “hundreds” of victims:
“Palo Alto Networks confirms that it was one of hundreds of customers impacted by the widespread supply chain attack targeting the Salesloft Drift application that exposed Salesforce data,” the company told the publication. To contain the incident, the company disabled the application from its Salesforce environment, while its cybersecurity arm – Unit 42 – confirmed its products, systems, and services were unaffected.
“The attacker extracted primarily business contact and related account information, along with internal sales account records and basic case data. We are in the process of directly notifying any impacted customers.” Support case data held contact info and text comments, it was added.
Ransomware actors ShinyHunters took responsibility for the attack, but not everyone is convinced. Google, for example, believes this to be the work of a separate entity it tracks as UNC6395.
Via BleepingComputer
You might also like
https://cdn.mos.cms.futurecdn.net/YsReok3f8M9yESRDbeGJVH.jpg
Source link
