Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies

The Hacker News by The Hacker News
September 8, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Sep 08, 2025Ravie LakshmananSupply Chain Attack / API Security

Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account.

Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through June 2025. So far, 22 companies have confirmed they were impacted by a supply chain breach.

“With this access, the threat actor was able to download content from multiple repositories, add a guest user, and establish workflows,” Salesloft said in an updated advisory.

The investigation also uncovered reconnaissance activities occurring between March 2025 and June 2025 in the Salesloft and Drift application environments. However, it emphasized there is no evidence of any activity beyond limited reconnaissance.

In the next phase, the attackers accessed Drift’s Amazon Web Services (AWS) environment and obtained OAuth tokens for Drift customers’ technology integrations, with the stolen OAuth tokens used to access data via Drift integrations.

Audit and Beyond

Salesloft said it has isolated the Drift infrastructure, application, and code, and taken the application offline effective September 5, 2025, at 6 a.m. ET. It has also rotated credentials in the Salesloft environment and hardened the environment with improved segmentation controls between Salesloft and Drift applications.

“We are recommending that all third-party applications integrated with Drift via API key, proactively revoke the existing key for these applications,” it added.

As of September 7, 2025 at 5:51 p.m. UTC, Salesforce has restored the integration with the Salesloft platform after temporarily suspending it on August 28. This has been done in response to security measures and remediation steps implemented by Salesloft.

“Salesforce has re-enabled integrations with Salesloft technologies, with the exception of any Drift app,” Salesforce said. “Drift will remain disabled until further notice as part of our continued response to the security incident.”



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Databricks Closes B Series K Funding Round, Exceeds 0B Market Cap

Databricks Closes $1B Series K Funding Round, Exceeds $100B Market Cap

Recommended.

AsyncRAT’s Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe

AsyncRAT’s Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe

July 15, 2025
AI and compliance: What are the risks? | Computer Weekly

AI and compliance: What are the risks? | Computer Weekly

May 28, 2025

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio