Three major cybersecurity vendors, Palo Alto Networks, Zscaler and Cloudflare, confirmed on Tuesday that they were affected by a cyberattack linked to Salesloft Drift, a third-party application integrated with Salesforce. The incident highlights how one weak link in today’s interconnected enterprise systems can have a global impact.
Palo Alto Networks stated that “this supply chain attack impacted hundreds of organizations, including Palo Alto Networks” but assured that none of its products or services were compromised. The company clarified that the breach was limited to its CRM platform and mostly involved business contact information, internal sales account details and case data. However, it admitted that a few customers who had stored sensitive information like credentials in Salesforce case notes may also be affected.
Experts warned that the situation could be especially problematic for vendors like Palo Alto and Zscaler, which operate in the Secure Access Service Edge (SASE) sector, since they play a direct role in customer authentication. Incidents of this nature often involve compromised identities, stolen tokens and vulnerable endpoints.
Zscaler explained that the attack involved stolen OAuth tokens connected to Salesloft Drift, which automates sales workflows and integrates with Salesforce databases. The data exposed may include customer names, job titles, email addresses, phone numbers, regional details, product licensing information and some plain text content from support cases. Attachments, images and files were not included in the breach.
A separate blog post from Palo Alto revealed that the attacker exfiltrated data from Salesforce objects such as Account, Contact, Case and Opportunity records. The threat actor also deleted query logs to conceal their activity. Palo Alto advised customers to rotate credentials and review Salesforce login history, audit trails and API access logs from 8 August onwards. It urged users to monitor for unusual login attempts, suspicious queries and activity linked to the Drift Connected App, including the Python user agent string and known attacker IP addresses.
The company stressed that its products remain secure and fully operational, but warned customers to remain vigilant and follow detailed guidance for detecting any suspicious activity linked to the attack.
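The log review described above can be sketched as a small triage script. This is an added example, not code from Palo Alto Networks, Zscaler or Salesforce: the CSV column names, the sample rows, the IP addresses (documentation ranges) and the year in the timestamps are all constructed assumptions, since the article gives only "8 August".

```python
import csv
import io
import re
from datetime import datetime, timezone

# Constructed sample export. Column names are assumptions, not a Salesforce schema.
SAMPLE_LOG = """timestamp,connected_app,user_agent,source_ip,query
2025-08-05T10:00:00Z,Drift,Mozilla/5.0,198.51.100.7,SELECT Id FROM Task
2025-08-09T02:14:11Z,Drift,python-requests/2.32,203.0.113.50,"SELECT Id, Name FROM Account"
2025-08-09T02:15:40Z,Drift,Mozilla/5.0,198.51.100.7,SELECT Id FROM Case
2025-08-10T08:30:00Z,Other App,python-requests/2.32,198.51.100.9,SELECT Id FROM Contact
2025-08-12T13:00:00Z,Drift,Mozilla/5.0,203.0.113.50,SELECT Id FROM Lead
2025-08-13T09:00:00Z,Drift,Mozilla/5.0,198.51.100.7,SELECT Id FROM Lead
"""

# Objects the article names as exfiltrated.
SENSITIVE_OBJECTS = {"account", "contact", "case", "opportunity"}
FROM_RE = re.compile(r"\bFROM\s+(\w+)", re.IGNORECASE)


def triage(log_text, since, known_bad_ips, app_name="Drift"):
    """Return (timestamp, reasons) for connected-app rows worth a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))
        # Only activity from the review window and from the named connected app.
        if ts < since or app_name.lower() not in row["connected_app"].lower():
            continue
        reasons = []
        if "python" in row["user_agent"].lower():
            reasons.append("python-user-agent")
        if row["source_ip"] in known_bad_ips:
            reasons.append("known-bad-ip")
        match = FROM_RE.search(row["query"])
        if match and match.group(1).lower() in SENSITIVE_OBJECTS:
            reasons.append("sensitive-object:" + match.group(1))
        if reasons:
            findings.append((row["timestamp"], reasons))
    return findings


if __name__ == "__main__":
    window_start = datetime(2025, 8, 8, tzinfo=timezone.utc)  # year is assumed
    for stamp, why in triage(SAMPLE_LOG, window_start, {"203.0.113.50"}):
        print(stamp, ", ".join(why))
```

Because the threat actor deleted query logs, an empty result from query data alone does not clear an organization; login history and audit trails need the same review.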