• Google warns Salesloft attack may have compromised Workspace acco

    From TechnologyDaily@1337:1/100 to All on Friday, August 29, 2025 11:45:08
    Google warns Salesloft attack may have compromised Workspace accounts and Salesforce instances

    Date:
    Fri, 29 Aug 2025 10:42:00 +0000

    Description:
    The attack on Salesloft is bigger than initially thought as certain Google accounts were compromised, as well.

    FULL STORY
    ======================================================================
    Salesloft suffered a third-party attack earlier this week
    New information suggests all authentication tokens were compromised
    Google disabled integrations and warned victims, in response

    The Salesloft cyberattack that happened earlier this week may have also compromised certain Google Workspace accounts, as well as Salesforce instances. This is according to Google's Threat Intelligence Group (GTIG), which published an updated report to warn about the worrying discovery.

    On Wednesday, news broke that revenue platform Salesloft fell victim to a third-party cyberattack in which sensitive information was stolen. The
    company is using Drift, a conversational marketing and sales platform that uses live chat, chatbots, and AI, to engage visitors in real time.

    Alongside it is SalesDrift, a third-party platform which links Drift's AI chat functionality to Salesforce, syncing conversations, leads, and cases into the CRM via the Salesloft ecosystem.

    Salesloft under attack

    Starting around August 8, and lasting for about ten days, adversaries stole OAuth and refresh tokens from SalesDrift, pivoted to customer environments, and successfully exfiltrated sensitive data.

    Now, Google's update says the scope of the compromise extends beyond the Salesforce integration: "We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised," the update reads.

    GTIG said that the attackers compromised OAuth tokens for the Drift Email integration, and used them to access a very small number of Google Workspace accounts. Apparently, only the accounts that were configured to integrate with Salesloft were compromised.

    In response, Google revoked the tokens, disabled the integration functionality, and notified potentially impacted users. "We are notifying all impacted Google Workspace administrators. To be clear, there has been no compromise of Google Workspace or Alphabet itself."

    Google also recommended organizations immediately review all third-party integrations connected to their Drift instance, revoke and rotate all credentials, and monitor all connected systems for signs of unauthorized access.

    The researchers believe the attack was done by a group tracked as UNC6395, although ShinyHunters claimed it was their doing.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/google-warns-salesloft-attack-may-have-compromised-workspace-accounts-and-salesforce-instances


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)