EN, Search Security Resources and Information from TechTarget

News brief: Salesloft Drift breach update and timeline

<p>Additional information has surfaced and new victims have come forward in the Salesloft Drift breach, which has affected more than 700 organizations globally.</p>
<div class=”ad-wrapper ad-embedded”>
<div id=”halfpage” class=”ad ad-hp”>
<script>GPT.display(‘halfpage’)</script>
</div>
<div id=”mu-1″ class=”ad ad-mu”>
<script>GPT.display(‘mu-1’)</script>
</div>
</div>
<p>Salesloft and Salesforce announced on August 20 that they had revoked connections between Drift, an AI chatbot for sales and marketing teams, and the Salesforce CRM after detecting a security issue in the Drift application. On August 26, the companies announced that a threat actor used compromised credentials linked to the chatbot to gain unauthorized access to Salesforce instances between August 8 and 18, though new information has revealed the threat actor gained access to Salesloft’s GitHub repositories months prior.</p>
<p>Read a timeline of the attack and its fallout below.</p>
<p>The breach highlights the importance of <a href=”https://www.techtarget.com/searchsecurity/tip/How-to-build-an-effective-third-party-risk-assessment-framework”>third-party risk management</a>, <a href=”https://www.techtarget.com/searchsecurity/tip/Why-fourth-party-risk-management-is-a-must-have/”>fourth-party risk management</a> and supply chain security, especially in <a href=”https://www.techtarget.com/searchsecurity/tip/How-to-manage-third-party-risk-in-the-cloud”>SaaS environments</a>, as well as strong authentication, including token security, <a href=”https://www.techtarget.com/searchsecurity/definition/privileged-access-management-PAM”>privileged access controls</a> and strong <a href=”https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan”>incident response procedures</a>.</p>
<section class=”section main-article-chapter” data-menu-title=”Google warns of credential theft campaign targeting Salesforce users”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Google warns of credential theft campaign targeting Salesforce users</h2>
<p>Google’s Threat Intelligence Group reported that threat actor UNC6395 was targeting organizations using compromised OAuth tokens associated with Salesloft Drift.</p>
<p>

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Search Security Resources and Information from TechTarget

Read the original article: