Salesloft Security Breach: Stolen Tokens Compromise 5,000+ Customers
Salesforce, a leading sales engagement platform, has been hit by a major security incident. This follows a voice phishing campaign that led to data breaches and extortion attacks affecting several companies. The incident has raised concerns about the security of Salesforce's 5,000+ customers, including prominent names visible on their homepage.
The incident, which began on August 8, involved unidentified hackers (UNC6395) using stolen tokens to siphon data from numerous corporate Salesforce instances. Google's Threat Intelligence Group warned about this on August 26. The stolen tokens provided access not just to Salesforce data, but also to hundreds of other online services integrated with Salesforce, such as Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.
This is not the first time Salesforce has faced such an issue. On August 5, Google disclosed that one of its corporate Salesforce instances was compromised by a different threat group (UNC6040), which claimed to be ShinyHunters. On August 28, Salesforce blocked Drift from integrating with its platform and related services. Google has advised organizations to immediately invalidate all tokens stored in or connected to their Salesforce integrations, regardless of the third-party service.
Salesforce's AI chatbot, used by many corporate websites, had its authentication tokens stolen in a recent mass theft. The stolen data includes AWS keys and credentials for VPNs and Snowflake, which could allow further compromise of victim and client environments. Salesforce disclosed the security issue on August 20, urging customers to re-authenticate their connections to invalidate existing tokens, but did not initially mention that the tokens had been stolen.
The Salesforce incident highlights the importance of robust security measures in protecting sensitive data. With the potential for further compromise of victim and client environments, organizations are urged to follow Google's advice and invalidate all tokens stored in or connected to their Salesforce integrations. Salesforce's prompt action in urging customers to re-authenticate their connections is commendable, but the initial lack of disclosure about the stolen tokens raises questions about transparency in such critical matters.