Google reports a larger-than-expected breach involving stolen OAuth tokens that allowed attackers to access Salesforce and Google Workspace accounts. The incident highlights the importance of credential security and the potential impact on cloud service integrations. #SalesloftDrift #OAuthTokens
Keypoints
- Attackers stole OAuth tokens to access Salesforce and Google Workspace accounts connected to Salesloft Drift.
- The breach impacted Salesforce data and a small number of Google Workspace email accounts.
- Google has revoked the compromised tokens and disabled the Drift Email integration during the investigation.
- Organizations are advised to revoke, rotate, and review all credentials related to Drift integrations.
- Salesloft has temporarily disabled Drift integrations with Salesforce, Slack, and Pardot and engaged third-party forensic teams.