Hackers exfiltrated customer data from Palo Alto Networks' Salesforce instances, the company has confirmed.
In a series of cybersecurity incidents, a threat actor known as UNC6395 attacked Salesloft's Drift application, resulting in a supply chain attack that affected hundreds of organisations. The breach, which took place between August 8 and August 18, 2025, primarily targeted business contact information, internal sales account details, and basic customer case data.
Investigators have noted that the actor used automated Python tools for the data theft. The primary motive appears to be credential harvesting, and the attackers performed mass exfiltration of data from Salesforce objects.
Among the confirmed victims of this supply chain attack are major corporations such as Palo Alto Networks, Zscaler, and Google. Palo Alto Networks is in the process of contacting a "limited number of customers" whose potentially more sensitive data may have been exposed. However, the breach did not affect any of Palo Alto Networks' own products or services.
Palo Alto Networks was not the only victim. Luxury and retail giants such as LVMH (Louis Vuitton, Dior), Chanel, and Adidas, as well as financial and insurance companies such as Allianz Life, Farmers Insurance, and TransUnion, were also targeted. TransUnion reported that the incident affected 4.4 million U.S. consumers.
In response to the breach, Salesloft and Salesforce collaborated to revoke all active Drift integration tokens and temporarily removed the app from the Salesforce AppExchange.
In parallel to the Salesloft incident, a group known as "ShinyHunters" (or UNC6040) has been breaching numerous major corporations since mid-2025. ShinyHunters have used sophisticated voice phishing, or "vishing," tactics to trick employees into granting them access to the company's Salesforce instance.
As the investigation continues, it is crucial for organisations to remain vigilant and take necessary steps to secure their data and protect against such attacks. The cybersecurity community will continue to monitor the situation and provide updates as more information becomes available.