Salesloft Breach Exposes 700+ Companies' Data, Highlights API Security Risks

A compromised GitHub account led to a months-long data breach at Salesloft's Drift platform. The breach affects 700+ companies, with sensitive customer data exposed.

Salesloft, an AI company, has suffered a significant data breach affecting numerous organizations. The incident, which occurred between March and June 2023, involved unauthorized access to Drift, an AI chatbot platform acquired by Salesloft. The breach highlights the importance of securing non-human identities like API tokens and service accounts.

The threat actor gained entry to Drift's AWS environment, stealing authentication tokens for customer technology integrations. This enabled access to sensitive customer data. Companies impacted include Nutanix, Elastic, Cato Networks, Tenable, Rubrik, and Proofpoint. Most used Salesloft Drift to store and manage customer support information, with stolen data relating to support tickets and business contact details.

The breach was facilitated by a compromised GitHub account, which allowed the hacker to access multiple repositories and establish workflows. The hacker spent months performing reconnaissance on Salesloft and Drift before the breach. At least 700 victims are linked to the theft of Salesloft Drift OAuth tokens for Salesforce, with potentially more affected due to compromised integrations. Canadian online investment management service Wealthsimple had customer government IDs, account numbers, and contact details accessed, but no funds were stolen.

Salesloft responded by isolating Drift's infrastructure, changing stolen credentials, and restoring integration with Salesforce. However, there is no available information on who discovered and fixed the security vulnerability in the API tokens.

The Salesloft data breach underscores the need for robust security measures, including protecting non-human identities. With potentially hundreds more affected due to compromised integrations, companies must prioritize their data security and stay vigilant against evolving threats.
