- Zscaler confirms the loss of sensitive customer data from its account
- The attackers moved in after compromising Salesloft's Drift platform
- Some believe it was done by ShinyHunters
We can now add Zscaler to the growing list of Salesloft customers that have suffered a third-party cyberattack and a loss of sensitive customer information, after the company confirmed that data was taken.
In the announcement, Zscaler explained that it is a customer of Salesloft, whose AI chat platform, Salesloft Drift, was compromised.
Since this platform connects with Salesforce, the miscreants managed to move laterally, steal OAuth tokens, and access the data of customers such as Zscaler.
ShinyHunters or UNC6395?
The company stressed that its systems and products were not compromised, just the data:
“The scope of the incident is limited to Salesforce and does not imply access to any of the underlying products, services or systems of Zscaler,” the company said.
However, the attackers managed to steal names, corporate email addresses, job titles, telephone numbers, regional and location details, Zscaler product licensing and commercial information, as well as the content of certain support cases.
The company said that so far there is no evidence that the data is being abused in the wild, but it still asked its users to remain vigilant and be wary of phishing and social engineering attacks. Zscaler also said that it had revoked all Salesloft Drift integrations, rotated API tokens, and launched an in-depth investigation.
Until now, attribution of the attack has been rather difficult. The Google Threat Intelligence Group (GTIG) believes that it is the work of a threat actor that it tracks as UNC6395.
ShinyHunters, a known ransomware operator and data thief, also claimed responsibility, a claim confirmed to the media by several security researchers.
Via BleepingComputer