Zscaler Breach: Salesloft Drift Supply-Chain Attack Exposes Salesforce Data

A significant data breach impacts Zscaler and Salesforce customers. Google urges users to review their integrations and rotate credentials following the incident.

Zscaler, a leading cybersecurity company, has been hit by a supply-chain attack via Salesloft Drift, resulting in a significant data breach. Google has warned users to review their integrations and rotate credentials following the incident.

The breach, which exposed Salesforce data including customer information and support case details, was made possible by unauthorized actors gaining access to Salesloft Drift credentials. This impacted multiple Salesforce customers, including Zscaler. The threat actor, identified as UNC6395, systematically exported large volumes of data from numerous corporate Salesforce instances.

In response, Zscaler has revoked Drift's Salesforce access, rotated API tokens, and put additional safeguards in place. Google has urged users to review their integrations, rotate credentials, and check for any breaches. It was also revealed that the breach is broader than Salesforce, affecting all integrations. Exposed information includes business contact details, product licensing information, and certain support case content. Attackers also used stolen OAuth tokens to access some Google Workspace emails via the Drift Email integration.

The attack on Salesloft Drift, involving the theft of OAuth tokens and the deletion of Salesforce data, began in August 2025. Salesloft responded by taking Drift temporarily offline, and Salesforce disabled affected integrations. Google Threat Intelligence Group and Mandiant have reported a large-scale data theft campaign targeting Salesloft to steal OAuth tokens.

The breach highlights the importance of robust security measures and regular reviews of third-party integrations. Zscaler and other affected parties are working to mitigate the impact of the breach and prevent future incidents. The full extent of the breach is still under investigation.
