Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Zscaler: Salesloft Drift breach exposed customer data

Zscaler warns customer data exposed after Salesforce integration hack.

byKerem Gülen
September 2, 2025
in Cybersecurity

Zscaler, a cybersecurity firm, has issued a warning regarding a data breach affecting its customers. The breach stemmed from a compromise of its Salesforce instance following a supply-chain attack targeting Salesloft Drift. Attackers accessed OAuth and refresh tokens, which facilitated unauthorized access to Zscaler’s Salesforce environment and the exfiltration of sensitive customer data.

Zscaler’s advisory states that the compromise of Salesloft Drift, an AI chat agent integrated with Salesforce, led to the exposure. The attackers exploited stolen OAuth and refresh tokens to gain access to customer Salesforce environments. Zscaler’s statement highlights that “unauthorized actors gained access to Salesloft Drift credentials of its customers including Zscaler,” further noting that these credentials “allowed limited access to some Zscaler’s Salesforce information.”

The data exposed in the breach includes a range of customer information. This encompasses names, business email addresses, job titles, phone numbers, regional or location details, and Zscaler product licensing and commercial information. The breach also exposed content from certain support cases. Zscaler emphasized that the incident was isolated to its Salesforce instance and did not affect any Zscaler products, services, or underlying infrastructure.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

While Zscaler has not detected any misuse of the exfiltrated data, the company is urging customers to exercise caution. Customers are advised to be vigilant against potential phishing and social engineering attacks that could leverage the exposed information. As a precautionary measure, Zscaler has revoked all Salesloft Drift integrations with its Salesforce instance and rotated other API tokens. An internal investigation into the incident is currently underway. To further mitigate risks, Zscaler has enhanced its customer authentication protocol for support calls to prevent social engineering attempts.

Google Threat Intelligence identified UNC6395 as the threat actor behind the attacks. This actor is known for targeting sensitive credentials, including Amazon Web Services (AWS) access keys (AKIA), passwords, and Snowflake-related access tokens. Google’s report indicated that “GTIG observed UNC6395 targeting sensitive credentials such as Amazon Web Services (AWS) access keys (AKIA), passwords, and Snowflake‑related access tokens.” The report also mentioned that “UNC6395 demonstrated operational security awareness by deleting query jobs; however, logs were not impacted, and organizations should still review relevant logs for evidence of data exposure.”

The Salesloft supply-chain attack extended beyond the Drift Salesforce integration. It also impacted Drift Email, a tool used for managing email replies and organizing CRM and marketing automation databases. Attackers are reported to have exploited stolen OAuth tokens to access Google Workspace email accounts and read emails. This broader impact prompted Google and Salesforce to temporarily disable their Drift integrations pending the completion of the ongoing investigation.

Some researchers have suggested a potential connection between the Salesloft Drift compromise and recent Salesforce data theft attacks attributed to the ShinyHunters extortion group. The specific details of this connection are still under investigation, and further information is needed to confirm any direct links between these incidents.


Featured image credit

Tags: Salesloft Drift breachZscaler

Related Posts

Google’s Live Threat Detection is reportedly coming to more Android phones

Google’s Live Threat Detection is reportedly coming to more Android phones

October 23, 2025
Meta’s latest update focuses on protecting older users from scams

Meta’s latest update focuses on protecting older users from scams

October 22, 2025
US judge bans NSO Group from targeting WhatsApp users with Pegasus spyware

US judge bans NSO Group from targeting WhatsApp users with Pegasus spyware

October 21, 2025
AWS outage: A complete list of every site and app that went down

AWS outage: A complete list of every site and app that went down

October 20, 2025
Windows 11’s new security patch is a system-breaking disaster, fix it now

Windows 11’s new security patch is a system-breaking disaster, fix it now

October 20, 2025
Discord confirms support vendor hack exposing user data and government IDs

Discord confirms support vendor hack exposing user data and government IDs

October 20, 2025

LATEST NEWS

Is ChatGPT down again? Reports indicate ongoing outage

Path of Exile: Keepers of the Flame will be the Breach 2.0!

Google Meet now lets you move people in and out of meetings like a lobby

Sam Altman: AI will cause “strange or scary moments”

Anthropic gives Claude a real memory and lets users edit it directly

Nissan’s Sakura EV gets a solar roof that adds 1,800 miles a year

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.