
Salesloft has announced that its Drift application will be taken offline temporarily to strengthen security after it was exploited in a data theft campaign targeting Salesforce customers.
The campaign, first disclosed last week, involved attackers compromising OAuth tokens linked to Drift. According to Google Threat Intelligence Group (GTIG), the threat actor, tracked as UNC6395, used these tokens to access Salesforce instances and exfiltrate large volumes of corporate data. The compromise was initially thought to be limited to Salesforce integrations, but later findings revealed that Drift Email OAuth tokens were also compromised, broadening the impact.
In a September 2 update, Salesloft told Drift admins: “Drift will be temporarily taken offline to comprehensively review the application and build additional resiliency. As a result, the Drift chatbot will not be available, and Drift will not be accessible.” The company said it is working with Mandiant and Coalition to investigate.
Salesloft clarified that its core platform and browser extension remain functional, and teams can continue working with Salesforce data last synced before the disconnection. Salesloft AI Agents—including personalization and research tools—also remain unaffected.
Salesforce emphasized that its core platform was not compromised, reiterating that the risk stemmed from third-party integrations.