Salesloft temporarily takes Drift offline due to a widespread supply chain attack exploiting OAuth tokens, leading to data theft from over 700 organizations. The breach primarily involves the Drift AI chat agent affecting Salesforce integrations, with ongoing efforts to strengthen system security. #UNC6395 #OAuthToken #SalesforceBreach
Keypoints
- Salesloft is temporarily disabling Drift to review and improve system security after a significant breach.
- The attack exploited OAuth and refresh tokens to access customer data and Salesforce instances.
- The threat has been linked to a cluster called UNC6395 (aka GRUB1), impacting over 700 organizations.
- Salesforce has responded by disabling all Salesloft integrations with its platform as a precaution.
- Cybersecurity firms like Mandiant and Coalition are assisting in the incident response to prevent further attacks.
Read More: https://thehackernews.com/2025/09/salesloft-takes-drift-offline-after.html