
Zscaler suffers data leak due to Salesloft Drift attacks, compromising customer information

Google and Palo Alto Networks are the latest companies to fall victim to the ongoing supply chain compromises.


Zscaler has confirmed that some of its customer data was exposed during the Salesloft Drift attacks that occurred between August 8 and August 18. The exposure resulted from OAuth tokens stolen from Salesloft Drift's integration with Salesforce.

The stolen OAuth tokens allowed the data thieves to silently steal a large amount of Salesforce customer data, including names, business email addresses, job titles, phone numbers, regional/location details, Zscaler product licensing and commercial information, and plain text content from certain support cases.

At the moment, no specific person or organization has been publicly identified as having exploited the Zscaler data leak. Reports confirm only that Zscaler was affected by a data leak associated with Salesloft. The Chief Information Security Officer of Palo Alto Networks, Marc Benoit, has also confirmed that commercial data of the company's customers may have been exposed in the Drift break-in.

The incident responders from Palo Alto Networks have warned about the threat actor performing mass exfiltration of sensitive data from various Salesforce objects. As of now, the identity of the attackers remains unknown.

Zscaler has not disclosed the exact number of customers affected by the breach. However, they have assured their customers that they are taking necessary steps to secure their data and prevent such incidents in the future. They encourage their customers to review their accounts for any suspicious activity and change their passwords as a precautionary measure.

This incident serves as a reminder for all businesses to prioritise data security and implement robust measures to protect sensitive information from potential breaches. It is crucial for businesses to stay vigilant and proactive in the face of cyber threats.
