In March, hackers breached Salesloft’s GitHub and AWS environments. This planted the seed for a series of major data leaks this summer.
Google, Palo Alto, Zscaler, Cloudflare, Tenable, and more: the list of companies affected by data breaches this summer is long. The data leaks have a common factor: Salesloft Drift. Through the popular sales engagement platform, hackers managed to break into the Salesforce environments of the affected companies.
The cause of the data leaks is now known. Salesloft itself was first hacked, according to research by Google subsidiary Mandiant. The attackers first breached a GitHub account of the company.
From there, the hackers moved to the AWS environment, where they obtained authentication tokens. This allowed them to exploit the integration between Salesloft and Salesforce environments to steal customer data. All of this is said to have happened ‘between March and June’, with the data leaks peaking this summer.
Integration Restored
Salesloft announces that it has the situation completely under control again. The investigation has shown that ‘no additional indications of compromise were found’, which reassures Salesloft that the intruders are no longer present on its internal systems.
Consequently, the connection with Salesforce can be restored, after it was disconnected once the number of data breach reports peaked. Customers are requested to contact customer service to resynchronize their data.
Weakest Link
The incident is a good illustration of the danger of so-called supply chain attacks. In these attacks, hackers breach systems through the weakest link, which can be a supplier. In this case, Salesforce on one side and victims like Zscaler, Palo Alto, and Google on the other had their own affairs in order.
An error at intermediary Salesloft Drift made the attacks possible nonetheless. In Europe, the NIS2 regulation therefore pays a lot of attention to such risks.
