Zscaler says it suffered data breach following Salesloft Drift compromise


  • Zscaler confirms losing sensitive customer data from its account
  • The attackers moved in after compromising Salesloft's Drift platform
  • Some believe this was done by ShinyHunters

We can now add Zscaler to the growing list of Salesloft customers that suffered a third-party cyberattack and lost sensitive customer information, after the company confirmed data was taken.

In the announcement, Zscaler explained it was a customer of Salesloft, whose AI chat platform, Salesloft Drift, was compromised.

Since this platform connects with Salesforce, the miscreants managed to move laterally, stealing OAuth and refresh tokens, and accessing data from customers such as Zscaler.

ShinyHunters or UNC6395?

The company stressed its systems and products were not compromised, just the data:

“The scope of the incident is confined to Salesforce and does not involve access to any of Zscaler's products, services or underlying systems and infrastructure,” it said.

Still, the attackers managed to steal names, business email addresses, job titles, phone numbers, regional and location details, Zscaler product licensing and commercial information, as well as content from certain support cases.

The company said that so far, there is no evidence of the data being abused in the wild, but it still asked its users to remain vigilant and wary of incoming phishing and social engineering attacks. Zscaler also said it revoked all Salesloft Drift integrations, rotated API tokens, and kicked off an in-depth investigation.


So far, attribution of the attack has been rather challenging. Google’s Threat Intelligence Group (GTIG) believes it to be the work of a threat actor it tracks as UNC6395.

ShinyHunters, a known ransomware operator and data thief, also assumed responsibility, a claim confirmed to the media by multiple security researchers.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
