- Salesloft has undergone a third attack earlier this week
- New information suggests that all authentication tokens have been compromised
- Google Handicap Integration and warned the victims, in response
The Salesloft cyber attack which occurred earlier this week may also have compromised certain Google Workspace accounts, as well as the Salesforce instances. This is in accordance with the threat of intelligence of Google (GTIG), which has published a updated report to warn of the disturbing discovery.
The news on Wednesday announced that Salesloft of the income platform was the victim of a third-party cyber attack in which sensitive information has been stolen. The company uses Drift, a marketing and conversational sales platform that uses live cat, chatbots and AI, to hire visitors in real time.
In addition to Salesdrift, a third-party platform that links the AI Drift to Salesforce’s cat features, synchronizing conversations, prospects and cases, in CRM via the Salesloft ecosystem.
Salesloft under attack
From August 8, and duration of ten days, the opponents managed to steal oauth tokens and update Salesdrift, pivoting customer environments and successfully exfiltrating sensitive data.
Now, the Google update indicates that the extent of the compromise has had more impact than the Salesforce integration: “We are now advising to all Salesloft Drift customers to treat all authentication tokens stored or connected to the drift platform as potentially compromised”, indicates the update.
TGIG said the attackers compromised OAUTH tokens for “Email Drift” integration and used them to access a “very small number” of Google Workspace accounts. Apparently, only the accounts configured to integrate into Salesloft have been compromised.
In response, Google revoked tokens, disabled integration functionality and informed potentially impacted users. “We warn all the workspace administrators on Google impacted. To be clear, there was no compromise of Google Workspace or Alphabet itself.”
Google has also recommended that organizations immediately examine all third -party integrations connected to their drift body, reveal and turn all identification information, and monitor all connected systems for unauthorized access signs.
The researchers think that the attack was made by a group followed like UNC6395, although Shinyhuters said that it was doing them.
Via Bleeping Compompute
