Salesforce
-
FBI warns of UNC6040 and UNC6395 hackers targeting Salesforce to steal data and extort victims
The FBI has issued a FLASH alert about UNC6040 and UNC6395 hacking groups that are compromising Salesforce environments to steal data and extort victims, releasing IOCs to aid defense efforts across organizations and multiple cloud platforms.
-
Palo Alto Networks says Salesforce data exposed in breach tied to Salesloft Drift supply-chain attack
Palo Alto Networks disclosed a data breach linked to a broader Salesloft Drift supply-chain attack that exposed customer data in its Salesforce CRM. The incident involved OAuth token abuse, mass exfiltration of Salesforce records, and credential harvesting, prompting token revocation, Drift disablement, and guidance for customers to review logs and rotate secrets.
-
Zscaler confirms Salesforce data exposure tied to Salesloft Drift compromise amid wider Salesforce breach activity
Zscaler confirms a data breach tied to the Salesloft Drift supply-chain attack, exposing customer Salesforce data due to compromised Drift credentials. The company revoked Drift integrations, rotated tokens, and reinforced customer authentication while investigations continue; Google Threat Intelligence links UNC6395 to the broader campaign affecting Salesforce environments.
-
Salesloft breach linked to theft of Drift OAuth tokens used to access Salesforce, Google says UNC6395 behind attack
Hackers breached Salesloft to steal Drift OAuth and refresh tokens used for Salesforce integration, enabling data exfiltration from customer environments. Google’s threat intelligence assigns UNC6395 to the activity and notes credential theft across cloud services, with administrators urged to rotate credentials and reauthenticate Drift-Salesforce connections.
-
Workday says data breach tied to Salesforce-related social engineering campaign, broader breach wave observed
Workday disclosed a data breach after attackers gained access to a third-party CRM platform via a social engineering campaign. While customer tenants were not affected, some business contact information was exposed. The incident appears linked to a broader Salesforce data-theft campaign attributed to the ShinyHunters group, with Workday noting the discovery on August 6.
-
Google Confirms Data Breach Linked to Ongoing Salesforce Attacks
Google has confirmed that it suffered a data breach linked to the ShinyHunters extortion group, amidst an ongoing series of Salesforce data theft attacks that have implicated multiple high-profile companies.
-
Cisco Reveals Data Breach Affecting User Accounts Amid Vishing Attack
Cisco Systems has reported a data breach involving user accounts due to a voice phishing incident. Basic profile information was compromised, but the company asserts that no sensitive data was affected. Cisco is taking measures to strengthen security following the incident.
-
Chanel Faces Data Breach Amid Ongoing Salesforce Security Threats
Chanel has confirmed a data breach impacting U.S. customers, linked to a series of ongoing Salesforce data theft attacks. The breach has raised concerns about security practices within the fashion industry as companies increasingly fall prey to sophisticated cyber threats.
-
Google Warns of Data Extortion Attacks Targeting Salesforce Accounts
Google has alerted companies using Salesforce to the rise of social engineering attacks targeting their platforms, warning that hackers claiming affiliation with the ShinyHunters extortion group are using advanced phishing tactics to steal sensitive data.
