ShinyHunters Launches Leak Site for Stolen Salesforce Customer Data
Dozens of companies report Salesforce-linked data theft. Investigators cite OAuth abuse and social engineering, not a core platform flaw.
The Salesloft + Drift breach wasn't just "another cyber incident." It exposed how deeply intertwined our digital ecosystems are, and why Google Workspace customers everywhere should pay attention. 🔍 What really happened ⚡ Why this breach matters beyond the headlines 🛡️ How to protect your business before it's too late Bottom Line... lots of lessons about the risk of OAuth and 3rd party integrations: 👉 Read the full analysis here:...
submitted by /u/digicat
SolarWinds has released an advisory regarding a security incident involving the Salesloft Drift integration for Salesforce, which led to unauthorized data access. The company confirmed that its own systems were not impacted by the breach, but is treating the matter with high priority. The security incident originated from compromised OAuth tokens associated with the Salesloft
arXiv:2509.13597v1 Abstract: Autonomous LLM agents can issue thousands of API calls per hour without human oversight. OAuth 2.0 assumes deterministic clients, but in agentic settings stochastic reasoning, prompt injection, or multi-agent orchestration can silently expand privileges. We introduce Agentic JWT (A-JWT), a dual-faceted intent token that binds each agent's action to verifiable user intent and, optionally, to a specific workflow step. A-JWT carries an agent's...
The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.
Elastic Load Balancing simplifies authentication by offloading it to OpenID Connect (OIDC) compatible identity providers (IdPs). This lets builders focus on application logic while using robust identity management. OIDC client secrets are confidential credentials used in OAuth 2.0 and OIDC protocols for authenticating clients (applications). However, manual management of OIDC client secrets introduces security risks
The Salesloft Drift Breach Exposes Critical Flaws in OAuth Implementations
For enterprise security teams already struggling with SaaS sprawl and third-party risk management, the Drift breach is a reminder that OAuth tokens - designed to enhance security by eliminating password sharing - are high-value targets.
submitted by /u/CybrSecHTX
arXiv:2509.08992v1 Abstract: 5G marks a major departure from previous cellular architectures, by transitioning from a monolithic design of the core network to a Service-Based Architecture (SBA) where services are modularized as Network Functions (NFs) which communicate with each other via standard-defined HTTP-based APIs called Service-Based Interfaces (SBIs). These NFs are deployed in private and public cloud infrastructure, and an access control framework based on OAuth...
The Salesloft Drift data breaches of August 2025 stand as one of the most significant supply chain attacks in SaaS history, demonstrating how a single compromised integration can cascade into widespread organizational exposure. This sophisticated campaign, staged by the threat actor UNC6395, exploited OAuth token vulnerabilities to access sensitive data from over 700 organizations, including
Cybersecurity investigators say a massive supply-chain attack affecting over 700 companies began with a seemingly minor GitHub breach earlier this year. Salesloft first disclosed a security issue in the Drift application on Aug. 21, then shared more details about malicious OAuth token abuse five days later. According to an investigation by Mandiant, which is aiding
The company said a threat actor accessed and snooped around its account for months, then stole OAuth tokens for Drift integrations from its cloud environment.
Salesloft says attackers first breached its GitHub account in March, leading to the theft of Drift OAuth tokens later used in widespread Salesforce data theft attacks in August.
A sophisticated supply-chain attack that impacted over 700 organizations, including major cybersecurity firms, has been traced back to a compromise of Salesloft's GitHub account that began as early as March 2025. In an update on September 6, 2025, Salesloft confirmed that an investigation by cybersecurity firm Mandiant found that threat actors leveraged this initial access
Apache Kafka 4.1 introduces Queues preview, new Streams Rebalance Protocol, OAuth support, and key client, Streams, and Connect enhancements.
The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and extensions, attackers are targeting the very place your employees access business-critical apps. Push Security explains how to defend where breaches begin.
I was digging through some old papers and came across a Tanium ad from the Wall Street Journal - must be years old, saying security tech isn't working. With the Salesloft Drift attack still fresh - hackers hitting 700+ companies like Cloudflare - it hit me: are we still just trying to catch the bad guys after the fact? It's like relying on security cameras to spot trouble instead of a receptionist checking IDs at the door. That breach with stolen OAuth tokens shows we're always reacting too...
Secure access with enterprise IT oversight between independent applications that communicate with each other is a recognized gap in OAuth 2.0. Enterprises can't effectively regulate cross-app communication, as OAuth 2.0 consent screens rely on users granting access to their individual accounts. Now, with the advent of AI agents that communicate across systems, the need to solve the gap is even greater - especially given the growing importance of enterprise AI security in protecting sensitive...
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The Salesloft breach and why OAuth soup is a problem; The Salt Typhoon telco hackers turn out to be Chinese private sector, but state-directed; Google says it will stand up a "disruption unit"; Microsoft writes up a ransomware gang that's all-in on the cloud future; Aussie firm hot-mics its work-from-home employees' laptops; YouTube scam baiters help the feds take down a fraud ring. This episode is...
Salesloft on Tuesday announced that it's taking Drift temporarily offline "in the very near future," as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the marketing software-as-a-service product, resulting in the mass theft of authentication tokens. "This will provide the fastest path forward to comprehensively review the application and build