- The list of victims of the Salesloft/Drift attack continues to grow
- Palo Alto Networks confirmed that criminals stole confidential information
- The company is notifying affected customers
The Salesloft Drift incident is quickly becoming the next MOVEit MFT fiasco, as another company confirms the loss of confidential data in the third-party attack. This time, it is the American multinational cybersecurity company Palo Alto Networks that confirmed the loss of customer data and support cases in the breach.
It all started with the Salesloft sales engagement platform. It uses Drift, a conversational marketing and sales platform with live chat, chatbots and AI, to engage visitors in real time. Working alongside Salesloft is Salesdrift, a third-party platform that links Drift’s chat functionality with Salesforce, synchronizing conversations, potential customers and cases into the CRM through the Salesloft ecosystem.
At the beginning of August of this year, the adversaries managed to steal OAuth and refresh tokens from Salesdrift, pivot into customer environments and successfully exfiltrate confidential data. The theft lasted 10 days, during which the attackers stole information from different companies, including Zscaler and Cloudflare.
Hundreds of victims
In a statement shared with BleepingComputer, Palo Alto Networks said it was one of the “hundreds” of victims:
“Palo Alto Networks confirms that it was one of the hundreds of customers affected by the widespread supply chain attack targeting the Salesloft Drift application that exposed Salesforce data,” the company told the publication. To contain the incident, the company disabled the application from its Salesforce environment, while its cyber security arm – Unit 42 – confirmed that its products, systems and services were not affected.
“The attacker mainly extracted business contact and related information, together with internal sales account records and basic case data. We are in the process of directly notifying any affected customers.” The support case data contained contact information and text comments, it was added.
The ShinyHunters ransomware actors claimed responsibility for the attack, but not everyone is convinced. Google, for example, believes that this is the work of a separate entity that it tracks as UNC6395.
Via BleepingComputer