Based on new information identified by GTIG, the scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations.
GTIG now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised. On August 28, 2025, GTIG investigation confirmed that the actor also compromised OAuth tokens for the “Drift Email” integration. On August 9, 2025, a threat actor used these tokens to access email from a very small number of Google Workspace accounts. The only accounts that were potentially accessed were those that had been specifically configured to integrate with Salesloft.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- TransUnion says hackers stole 4.4 million customers’ personal information
August 28, 2025
Credit reporting giant TransUnion has disclosed a data breach affecting more than 4.4 million customers’ personal information. In a filing with Maine’s attorney general’s office on Thursday, TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers’ personal data for its U.S. consumer support operations. TransUnion claimed “no credit information was ...
- Jamaica: Cyber attack on Office of Registrar General contained, but services impacted
August 27, 2025
The Office of the Registrar-General (ORG), formerly the Registrar General’s Department (RGD), says it was affected by a cyber incident detected on Sunday and is working to determine its full scope. “Our initial assessment indicates that this incident was primarily designed to disrupt the availability of our systems,” the ORG said Wednesday. “As investigations are still ...
- The first AI-powered proof of concept ransomware has been spotted
August 27, 2025
Security researchers from ESET have identified the first known AI-powered ransomware, which serves as a warning for security teams as generative AI has, and will, continue to make cyberattacks much more accessible for criminals. Peter Strycek and Anton Cherepanov discovered the proof of concept, which they dubbed ‘PromptLock’, which, ‘leverages Lua scripts generated from hard-coded prompts ...
- Nevada hit by cyber attack disrupting state services for thousands
August 27, 2025
A cyber attack targeting Nevada’s state technology systems has left thousands of residents without access to vital services for days, with many offices still struggling to restore full operations. The attack, which began early Sunday morning, forced the closure of numerous state agencies, including the DMV, State Police, and Attorney General’s offices on Monday and Tuesday. ...
- A critical Docker Desktop security flaw puts Windows hosts at risk of attack – patch now
August 26, 2025
Docker has patched a critical severity vulnerability in its Desktop app for Windows and macOS which could have allowed threat actors to fully take over vulnerable hosts, exfiltrate sensitive data, and more. The vulnerability is described as a server-side request forgery (SSRF) and, according to the NVD, it “allows local running Linux containers to access the ...
- Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data
August 26, 2025
A security researcher has found over a thousand publicly exposed hobby servers run by Tesla vehicle owners that are spilling sensitive data about their vehicles, including their granular location histories. Seyfullah Kiliç, founder of cybersecurity company SwordSec, said he found over 1,300 internet-exposed TeslaMate dashboards on the internet, likely made public by mistake, allowing anyone to ...