Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Zscaler: Salesloft Drift breach exposed customer data

Zscaler warns customer data exposed after Salesforce integration hack.

byKerem Gülen
September 2, 2025
in Cybersecurity

Zscaler, a cybersecurity firm, has issued a warning regarding a data breach affecting its customers. The breach stemmed from a compromise of its Salesforce instance following a supply-chain attack targeting Salesloft Drift. Attackers accessed OAuth and refresh tokens, which facilitated unauthorized access to Zscaler’s Salesforce environment and the exfiltration of sensitive customer data.

Zscaler’s advisory states that the compromise of Salesloft Drift, an AI chat agent integrated with Salesforce, led to the exposure. The attackers exploited stolen OAuth and refresh tokens to gain access to customer Salesforce environments. Zscaler’s statement highlights that “unauthorized actors gained access to Salesloft Drift credentials of its customers including Zscaler,” further noting that these credentials “allowed limited access to some Zscaler’s Salesforce information.”

The data exposed in the breach includes a range of customer information. This encompasses names, business email addresses, job titles, phone numbers, regional or location details, and Zscaler product licensing and commercial information. The breach also exposed content from certain support cases. Zscaler emphasized that the incident was isolated to its Salesforce instance and did not affect any Zscaler products, services, or underlying infrastructure.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

While Zscaler has not detected any misuse of the exfiltrated data, the company is urging customers to exercise caution. Customers are advised to be vigilant against potential phishing and social engineering attacks that could leverage the exposed information. As a precautionary measure, Zscaler has revoked all Salesloft Drift integrations with its Salesforce instance and rotated other API tokens. An internal investigation into the incident is currently underway. To further mitigate risks, Zscaler has enhanced its customer authentication protocol for support calls to prevent social engineering attempts.

Google Threat Intelligence identified UNC6395 as the threat actor behind the attacks. This actor is known for targeting sensitive credentials, including Amazon Web Services (AWS) access keys (AKIA), passwords, and Snowflake-related access tokens. Google’s report indicated that “GTIG observed UNC6395 targeting sensitive credentials such as Amazon Web Services (AWS) access keys (AKIA), passwords, and Snowflake‑related access tokens.” The report also mentioned that “UNC6395 demonstrated operational security awareness by deleting query jobs; however, logs were not impacted, and organizations should still review relevant logs for evidence of data exposure.”

The Salesloft supply-chain attack extended beyond the Drift Salesforce integration. It also impacted Drift Email, a tool used for managing email replies and organizing CRM and marketing automation databases. Attackers are reported to have exploited stolen OAuth tokens to access Google Workspace email accounts and read emails. This broader impact prompted Google and Salesforce to temporarily disable their Drift integrations pending the completion of the ongoing investigation.

Some researchers have suggested a potential connection between the Salesloft Drift compromise and recent Salesforce data theft attacks attributed to the ShinyHunters extortion group. The specific details of this connection are still under investigation, and further information is needed to confirm any direct links between these incidents.


Featured image credit

Tags: Salesloft Drift breachZscaler

Related Posts

Free and effective anti-robocall tools are now available

Free and effective anti-robocall tools are now available

October 3, 2025
WestJet cyberattack: 1.2m passengers’ data stolen

WestJet cyberattack: 1.2m passengers’ data stolen

October 2, 2025
Wiz: AI vibe coding leads to insecure authentication

Wiz: AI vibe coding leads to insecure authentication

September 29, 2025
DHS uses AI to detect AI-generated child abuse material

DHS uses AI to detect AI-generated child abuse material

September 29, 2025
Salesforce Agentforce hit by Noma “ForcedLeak” exploit

Salesforce Agentforce hit by Noma “ForcedLeak” exploit

September 26, 2025
Co-op Group reports £75m loss after April cyber-attack

Co-op Group reports £75m loss after April cyber-attack

September 25, 2025

LATEST NEWS

ChatGPT reportedly reduces reliance on Reddit as a data source

Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

Light-powered chip makes AI computation 100 times more efficient

Free and effective anti-robocall tools are now available

Choosing the right Web3 server: OVHcloud options for startups to enterprises

Z.AI GLM-4.6 boosts context window to 200K tokens

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.