{“lastseen”:”2025-09-03T05:21:50″,”description”:”\\n\\nSalesloft on Tuesday announced that it’s taking Drift temporarily offline \\”in the very near future,\\” as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the marketing software-as-a-service product, resulting in the mass theft of authentication tokens.\\n\\n\\”This will provide the fastest path forward to comprehensively review the application and build additional resiliency and security in the system to return the application to full functionality,\\” the company said. \\”As a result, the Drift chatbot on customer websites will not be available, and Drift will not be accessible.\\”\\n\\nThe company said its top priority is to ensure the integrity and security of its systems and customers’ data, and that it’s working with cybersecurity partners, Mandiant and Coalition, as part of its incident response efforts.\\n\\nThe development comes after Google Threat Intelligence Group (GTIG) and Mandiant disclosed what it said was a widespread data theft campaign that has leveraged stolen OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent to breach customers’ Salesforce instances. \\n\\n\\”Beginning as early as August 8, 2025, through at least August 18, 2025, the actor targeted Salesforce customer instances through compromised OAuth tokens associated with the Salesloft Drift third-party application,\\” the company said last week.\\n\\n\\n\\nThe activity has been attributed to a threat cluster dubbed UNC6395 (aka GRUB1), with Google telling The Hacker News that more than 700 organizations may have been potentially impacted. \\n\\nWhile it was initially claimed that the exposure was limited to Salesloft’s integration with Salesforce, it has since emerged that any platform integrated with Drift is potentially compromised. Exactly how the threat actors gained initial access to Salesloft Drift remains unknown at this stage.\\n\\nThe incident has also prompted Salesforce to temporarily disable all Salesloft integrations with Salesforce as a precautionary measure. Some of the businesses that have confirmed being impacted by the breach are as follows -\\n\\n * Cloudflare\\n * Google Workspace\\n * PagerDuty\\n * Palo Alto Networks\\n * SpyCloud\\n * Tanium\\n * Zscaler\\n\\n\\n\\n\\”We believe this incident was not an isolated event but that the threat actor intended to harvest credentials and customer information for future attacks,\\” Cloudflare said. \\n\\n\\”Given that hundreds of organizations were affected through this Drift compromise, we suspect the threat actor will use this information to launch targeted attacks against customers across the affected organizations.\\”\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2025-09-03T03:53:00″,”modified”:”2025-09-03T04:15:27″,”type”:”thn”,”title”:”Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations”,”source”:””,”references”:””,”id”:”THN:7DBD184024F1D4D73810605407815997″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2025\/09\/salesloft-takes-drift-offline-after.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-09-03T05:21:50″,”description”:”\\n\\nSalesloft on Tuesday announced that it’s taking Drift temporarily offline \\”in the very near future,\\” as multiple companies have been ensnared in…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,11,43,5],"class_list":["post-15536","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n