Salesloft Data Breach Affects 700+ Companies, Highlights API Security Risks
AI company Salesloft suffered a significant data breach between March and June 2023. The incident has affected dozens of large organisations, with at least 700 victims linked to the theft of Salesforce Salesloft Drift OAuth tokens.
Hackers gained access to Salesloft's GitHub account and conducted reconnaissance on both Salesloft and Drift environments. They stole authentication tokens for customers' technology integrations, allowing them to access sensitive data. Companies including Nutanix, Elastic, Cato Networks, Tenable, Rubrik, and Proofpoint confirmed being impacted. Most used Salesloft Drift to store and manage customer support information, which was the primary target.
Salesloft swiftly responded by isolating Drift's infrastructure, changing stolen credentials, and restoring integration with Salesforce. Affected companies advised customers to consider any shared information compromised. Wealthsimple customers' personal information was accessed, but funds remained secure, and the incident was contained within hours. Companies like Google, Cisco, Adidas, Dior, and Tiffany & Co. have reportedly worked to restore their affected systems.
The Salesloft breach underscores the importance of securing non-human identities like API tokens and service accounts. With at least 700 victims, companies must prioritise robust security measures to protect customer data. Salesloft's swift response and affected companies' proactive measures have helped mitigate potential damage.