Salesforce-Salesloft Data Breach: Widespread Theft Impact
- A sophisticated threat actor stole customer data from Salesforce instances by exploiting vulnerabilities in integrations with Salesloft and Drift.
- The attackers employed a "man-in-the-middle" (MitM) technique, intercepting and manipulating communication between Salesloft/Drift and Salesforce.
Salesforce Data Breach: How Attackers Exploited Salesloft and Drift
What happened?
A sophisticated threat actor stole customer data from Salesforce instances by exploiting vulnerabilities in integrations with Salesloft and Drift. The Google Threat Intelligence Group (GTIG) detailed the attack, revealing a complex operation targeting sales and marketing technology platforms to gain access to sensitive customer information.
The attackers employed a “man-in-the-middle” (MitM) technique, intercepting and manipulating communication between Salesloft/Drift and Salesforce. Specifically, they compromised legitimate Salesloft/Drift accounts and used them to inject malicious code into the data streams flowing to Salesforce. This allowed them to steal data without directly targeting Salesforce itself, bypassing many traditional security measures.
