A widespread campaign, attributed to suspected ShinyHunters, exploited OAuth tokens from Salesloft Drift's Salesforce integration, leading to mass exfiltration of customer data from multiple organizations, with attackers actively scanning exfiltrated data for credentials. Affected organizations are advised to revoke Salesloft Drift access and review login/API access logs for suspicious activity.
Latest mentioned: 09-08
Earliest mentioned: 09-02