Salesloft Drift Google recently disclosed a security incident involving Salesloft Drift. This disclosure has forced it upon the company to answer questions of integrity with its integrations, most notoriously with Salesforce, Slack and Pardot. As for the breach, the tech powerhouse has already alerted impacted users of the breach and implemented measures to reduce possible dangers.
As part of their security initiative, Google invalidated some OAuth tokens that had previously been granted to the Drift Email App. The integration capability between Google Workspace powered by Salesloft Drift has been disabled while we continue our review. Out of an abundance of caution, Google is in the process of investigating to determine what data, if any, was affected by the breach.
Investigation and Security Measures
GTIG worked with Mandiant to deliver this advisory on a known in-progress incident that’s especially relevant right now. Their findings paint a dire picture. So far, they have not found any evidence of malicious activity within the Salesloft integrations tied to the Drift incident.
“Based on the investigation to date, there is no evidence of malicious activity detected in the Salesloft integrations related to the Drift incident.” – The Hacker News
While Google has provided a reprieve, they continue to encourage all Salesloft Drift customers to proceed with caution. Assume any authentication tokens saved in or associated with the Drift platform are compromised. These steps show that Google is serious about protecting user data and keeping their system secure.
Temporary Disabling of Integrations
Following the misuse, Salesforce removed the Drift integration from all of their platforms, including Slack and Pardot, while it was under review. This was done proactively, so that if any new vulnerabilities were discovered we could respond quickly to protect user data. After reviewing Goodman’s concerns about security protocols, Salesforce has re-enabled the integration.
Salesloft released a comment about Salesloft’s permanent suspension of the Drift integration. They wanted to highlight their commitment to keeping customer data safe and continuing operations in the wake of this change.
As organizations increasingly depend on holistic, integrated platforms to offer seamless communication and collaboration while improving operations, it is imperative to keep that security top of mind.
Ongoing Monitoring and User Guidance
Google’s active investigation is intended to help determine the exact scope and impact of this breach. Beyond revoking OAuth tokens and disabling integrations one-by-one, Google has taken additional measures to stop these attacks from being effective. We urge users to stay alert and continue to practice data security best practices in the meantime.
As organizations like Salesloft continue to work their way through this situation, they encourage being openly communicative with your users about any news.