Salesloft and Drift under supply chain attack
This crisis has prompted unprecedented emergency measures by dozens of cybersecurity companies and major technology platforms. In fact, Google Workspace recently sent warnings about an OAuth attack connected to Salesloft that may have affected more than 700 organizations. UNC6395, also referenced as GRUB1, is responsible for the attack. The group pulled off the largest authenticated token theft in history.
The breach has triggered alarm bells across the tech sector. Now, many of the aforementioned organizations are working around the clock to defend their systems and safeguard customer data. In response to the incident, Salesforce has disabled all Salesloft integrations until it is sure that its users are protected from any future threats.
Scope of the Breach
According to reports from Google, the Salesloft and Drift incident has had a widespread effect. At stake is the future of more than 700 organizations. Combined with the massive scope, this makes the breach particularly egregious. All impacted industries need to mobilize immediately to put protective measures into place.
Cloudflare issued a statement framing the significance of the attack. They stated, “We believe this incident was not an isolated event but that the threat actor intended to harvest credentials and customer information for future attacks.” These kinds of insights underscore the risk of more far-reaching harm that may result from this breach.
A deep-dive technical analysis shows that UNC6395 will mostly take advantage of stolen credentials. That means they might start launching targeted phishing attacks on employees of the breached companies.
Response from Cybersecurity Firms
Many cybersecurity companies have already started responding to the impact of this breach. PagerDuty provided an update to its customers regarding the Salesloft Drift data breach, while Palo Alto Networks responded to the Salesforce third-party application incident. Both companies are working to ensure their clients understand the risks involved and take appropriate action.
Proofpoint and Tanium have likewise released statements in response to the security incident. Zscaler provided information on their response to the supply chain attack, doubling down on their mission to keep all users safe and secure.
Salesloft business practices, and pledged to ensure they are taking the necessary actions to make this right. They promised that this approach will soon ensure that an in-depth review of the application proceeds expeditiously. It will improve resilience and security throughout the system to quickly and safely restore the application to full functionality.
Impact on Services
As a result of this breach, Salesloft has today publicly disclosed that the Drift chatbot will be removed from customer websites. This move is tantamount to enforcing an indefinite suspension of access to Drift. This decision is in line with a prudent principle of minimizing possible damage resulting from the OAuth token theft.
Salesloft’s proactive response shows that they understand the seriousness of the matter and are taking steps to protect their platform. The cybersecurity landscape is evolving, and incidents like these highlight the importance of vigilance and responsive action in maintaining user trust and system integrity.