Zscaler and Palo Alto are the latest victims of the Salesloft Drift attacks. Hackers were able to steal customer data from both companies' Salesforce systems.
Hackers have stolen customer data from Zscaler's Salesforce systems. The stolen data includes names, business email addresses, employee job titles, phone numbers, location information, product license information, and notes linked to support tickets. Palo Alto Networks has published an almost identical notice.
Salesloft Drift
The attackers gained access to the Salesforce system via Salesloft Drift, a sales automation integration for Salesforce developed by a third party. The hackers were able to obtain the OAuth tokens that Drift uses to connect to its customers' Salesforce instances, and subsequently misused those tokens to pull Salesforce data from what is reportedly hundreds of companies.
Zscaler is the latest victim to come forward, but not the only one. The zero trust specialist thus joins a long list of affected Salesforce customers, which also includes Palo Alto Networks, Cloudflare and Google.
The hackers were able to operate virtually unhindered between August 8 and 18. Their primary goal appears to be to mine the stolen records for further secrets, such as credentials for cloud environments that employees or customers pasted into support tickets.
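The triage step this implies for a defender is to scan their own Salesforce support-ticket export for exactly the kind of credential material the attackers would look for, so that anything found can be rotated before it is abused. The following is an added illustration, not code from Zscaler, Palo Alto, Salesloft or Salesforce: it runs a small set of assumed secret patterns over constructed sample case notes shaped like the Salesforce Case fields named above (the record layout, the field names `CaseNumber` and `Body`, and the regexes are all assumptions for the example, not a complete detection ruleset).

```python
import re
from dataclasses import dataclass

# Constructed sample records modelled on Salesforce Case descriptions /
# support-ticket notes. None of these are real tickets or real secrets.
SAMPLE_CASE_NOTES = [
    {"CaseNumber": "00001001",
     "Body": "Customer asked about license renewal for 500 seats."},
    {"CaseNumber": "00001002",
     "Body": "Temp admin creds for repro: username admin@example.test password=Hunter2!2024"},
    {"CaseNumber": "00001003",
     "Body": "Log upload failed, customer pasted key AKIAIOSFODNN7EXAMPLE in the ticket"},
    {"CaseNumber": "00001004",
     "Body": "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0.sig was in the HAR file"},
    {"CaseNumber": "00001005",
     "Body": "Snowflake token snowflake_token: SF_abc123 shared by customer"},
]

# Illustrative patterns (assumed for this example). Each regex captures the
# suspected secret in the named group "v" so the scanner can redact it.
SECRET_PATTERNS = [
    ("password",
     re.compile(r"(?i)\b(?:pass(?:word|wd)?|pwd)\s*[:=]\s*(?P<v>\S+)")),
    ("aws_access_key_id",
     re.compile(r"\b(?P<v>(?:AKIA|ASIA)[0-9A-Z]{16})\b")),
    ("bearer_token",
     re.compile(r"(?i)\bbearer\s+(?P<v>[A-Za-z0-9\-._~+/]+=*)")),
    ("generic_secret",
     re.compile(r"(?i)\b\w*(?:api[_-]?key|secret|token)\s*[:=]\s*(?P<v>\S+)")),
]


@dataclass
class Finding:
    case_number: str
    kind: str
    redacted: str  # never carry the full secret into a report


def redact(value: str) -> str:
    """Keep a short prefix so the owner can recognise the credential."""
    return f"{value[:4]}...({len(value)} chars)"


def scan_case_notes(records):
    """Return one Finding per (record, pattern, match), in record order."""
    findings = []
    for rec in records:
        for kind, pattern in SECRET_PATTERNS:
            for m in pattern.finditer(rec["Body"]):
                findings.append(
                    Finding(rec["CaseNumber"], kind, redact(m.group("v"))))
    return findings


if __name__ == "__main__":
    for f in scan_case_notes(SAMPLE_CASE_NOTES):
        print(f"Case {f.case_number}: {f.kind} -> {f.redacted}")
```

In practice the records would come from a Salesforce export of the objects the integration could read; the point of the exercise is the rotation list it produces, not the scanner itself, and the regexes should be tuned to the credential formats actually in use.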
Phishing
Zscaler and Palo Alto have since revoked Drift's access to their Salesforce data themselves, on top of Salesloft's own revocation and refresh of the Drift OAuth tokens. Other API tokens were also rotated. Zscaler is continuing to investigate and stresses that no files, attachments, or images were exfiltrated in the theft.
For customers of the affected companies, the greatest risk lies in phishing. Armed with the stolen information, criminals can make very targeted contact, using names and roles of employees and even details related to support cases. Extra vigilance is therefore required.
Supply Chain Attack
The hack is a good illustration of the danger of so-called supply chain attacks, in which hackers breach systems through the weakest link, which can be a supplier. In this case neither Salesforce on one side nor victims such as Zscaler, Palo Alto, and Google on the other were themselves compromised.
A failure at the smaller supplier Salesloft Drift nonetheless made the attack possible. This is why, in Europe, the NIS2 directive pays a lot of attention to such third-party risks.
This article originally appeared on September 3 and was updated with the latest information.