Hackers exploited a GitHub account linked to Salesloft, leading to a widespread data breach affecting numerous organizations. The attack involved theft of customer data, Salesforce integration tokens, and exposed non-human identities, emphasizing the importance of securing API credentials. #Salesloft #GitHubBreache #Salesforce #APItokens #DataTheft
Keypoints
- The breach was carried out through a compromised GitHub account of Salesloft, impacting multiple organizations.
- The threat actor accessed Driftβs AWS environment and stole authentication tokens enabling data access.
- Companies affected include Cloudflare, Palo Alto Networks, Nutanix, Elastic, and Wealthsimple.
- Most stolen data involved support tickets, customer contact details, and Salesforce-related content.
- Security experts warn organizations to protect non-human identities like API tokens to prevent future incidents.
Read More: https://therecord.media/salesloft-hacker-broke-into-github