Zscaler reports a data breach caused by threat actors accessing its Salesforce instance through stolen credentials linked to the Salesloft Drift attack. The incident exposed customer information, prompting enhanced security measures and ongoing investigation. #Salesforce #ThreatActors
Keypoints
- Threat actors gained access to Zscaler's Salesforce through stolen OAuth tokens from the Salesloft Drift compromise.
- The breach exposed customer data such as names, emails, job titles, and support case contents.
- Zscaler revoked all affected integrations, rotated API tokens, and strengthened authentication protocols.
- Google Threat Intelligence linked the attacks to UNC6395, targeting credentials including AWS and Snowflake access tokens.
- Similar supply-chain attacks have impacted organizations like Google, Cisco, Adidas, and Tiffany & Co., emphasizing social engineering risks.