- The list of victims of the Salesloft / Drift attack continues to grow
- Palo Alto Networks confirmed that crooks have stolen sensitive information
- The company is notifying affected customers
The Salesloft Drift incident is quickly turning into the next MOVEit MFT fiasco, as another company confirms the loss of sensitive data in the third-party attack. This time, the American multinational cybersecurity company Palo Alto Networks confirmed the loss of customer data and support information in the breach.
It all started with the Salesloft sales engagement platform. It uses Drift, a conversational marketing and sales platform with live chat, chatbots and AI, to engage visitors in real time. Working alongside it is Salesdrift, a third-party platform that connects Drift's AI functionality to Salesforce, synchronizing conversations, prospects and cases into the CRM via the Salesloft ecosystem.
In early August of this year, adversaries managed to steal OAuth and refresh tokens from Salesdrift, pivot into customer environments and successfully exfiltrate sensitive data. The theft lasted 10 days, during which the attackers stole information from different companies, notably Zscaler and Cloudflare.
Hundreds of victims
In a statement shared with BleepingComputer, Palo Alto Networks said it was one of the “hundreds” of victims:
“Palo Alto Networks confirms that it was one of the hundreds of customers affected by the widespread supply chain attack targeting the Salesloft Drift application which exposed Salesforce data,” the company told the publication. To contain the incident, the company disabled the application from its Salesforce environment, while its cybersecurity arm – Unit 42 – confirmed that its products, systems and services were not affected.
“The attacker mainly extracts commercial contacts and related account information, as well as internal sales account records and basic data. We are in the process of directly notifying the affected customers.” The support case data contained the contact details and text comments, the company added.
The ShinyHunters ransomware actors claimed responsibility for the attack, but not everyone is convinced. Google, for example, believes that it is the work of a distinct entity which it tracks as UNC6395.
Via BleepingComputer