#oauth-token-compromise

[ follow ]
#salesloftdrift #salesforce-breach #salesforce #data-extortion #shinyhunterslapsus #salesloft-github-breach
fromTheregister
7 hours ago

'Retired' Scattered LAPSUS$ Hunters resurface with leak site

"We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities," the advisory said. "Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support," it continued. "At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology."
Information security
Information security
fromTechzine Global
2 weeks ago

1.5 billion Salesforce records stolen according to ShinyHunters

ShinyHunters exfiltrated over 1.5 billion Salesforce records from 760 companies via compromised Salesloft OAuth tokens and used the data to extort victims.
Information security
fromwww.theregister.com
1 month ago

Zscaler customer data also nabbed in Salesloft Drift attacks

Stolen Salesloft Drift OAuth tokens enabled attackers to exfiltrate Salesforce customer data, exposing contacts, cases, opportunities, and commercial information for multiple companies.
Information security
fromZDNET
1 month ago

'2.5 billion Gmail users at risk'? Entirely false, says Google

Google did not issue a broad warning about a Gmail breach; attackers targeted Salesforce cloud data and phishing/vishing threats remain active.
[ Load more ]