SolarWinds reports a major Salesforce data breach caused by compromised OAuth tokens, leading to large-scale data theft from multiple organizations. Although SolarWinds itself remains unaffected, the incident highlights significant security risks faced by major companies deploying Salesforce. #SalesforceDataBreach #OAuthTokens
Key points
- The breach was caused by compromised OAuth tokens linked to the Salesloft Drift integration.
- Attackers stole sensitive credentials and exported large volumes of data across multiple Salesforce instances.
- Major organizations like Google, Cloudflare, and Palo Alto Networks were affected by data theft campaigns.
- The threat group UNC6395 specifically targeted AWS access keys, Snowflake tokens, and user passwords.
- Federal authorities, including the FBI, issued warnings highlighting the seriousness of the threat and identifying indicators of compromise (IOCs).