banner1
Logo Blinking Image
banner2

HOME
Security

Zscaler confirms data breach affecting its Salesforce system

by VARINDIA 2025-09-02
Zscaler confirms data breach affecting its Salesforce system

Zscaler has discovered a data breach after attackers accessed its Salesforce environment through compromised credentials from Salesloft Drift, an AI chat agent that integrates with Salesforce. The breach stems from a wider supply-chain attack on Salesloft Drift in which threat actors stole OAuth and refresh tokens. These tokens granted unauthorized access to Salesforce customer instances, allowing sensitive information to be exfiltrated.

 

Zscaler, in its advisory, confirmed its Salesforce instance was among those impacted. It stated, “As part of this campaign, unauthorized actors gained access to Salesloft Drift credentials of its customers including Zscaler,” the company stated. “Following a detailed review, we determined these credentials allowed limited access to certain Salesforce data.”

 

The compromised data includes -

·         Customer names

·         Business email addresses

·         Job titles

·         Phone numbers

·         Regional/location details

·         Product licensing and commercial details

·         Content from certain customer support cases

 

Zscaler further emphasized that the breach only affected its Salesforce system and that no Zscaler products, infrastructure, or services were compromised. Despite this, the company urged customers to remain alert for phishing or social engineering attempts leveraging the exposed data.

 

As the company continues to investigate the incident, Zscaler as mitigation step has-

·         Revoked all Salesloft Drift integrations with Salesforce

·         Rotated API tokens

·         Enhanced customer authentication during support calls to reduce social engineering risks

 

Google Threat Intelligence recently attributed the Drift compromise to a group tracked as UNC6395, which has been stealing Salesforce support cases to harvest credentials, AWS access keys, Snowflake tokens, and other sensitive data.

 

According to Google, UNC6395 also displayed operational security tactics—such as deleting query jobs to obscure activity—though logs remained intact for forensic review. The campaign extends beyond Drift’s Salesforce integration. Attackers also exploited Drift Email, gaining access to CRM and marketing automation data, and even used stolen OAuth tokens to infiltrate Google Workspace accounts to read corporate emails.

er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
India’s Growing Deepfake Scam Crisis

India’s Growing Deepfake Scam Crisis

Zscaler confirms data breach affecting its Salesforce system

Zscaler confirms data breach affecting its Salesforce system

Stopping Synthetic Fraud with FO AI

Stopping Synthetic Fraud with FO AI

SOFTWARE
View All
WhatsApp Status to soon get a 'Close Friend' feature

WhatsApp Status to soon get a 'Close Friend' feature

ADI adopts NVIDIA Jetson Thor to accelerate the development of humanoids

ADI adopts NVIDIA Jetson Thor to accelerate the development of humanoids

ManageEngine introduces DEX capabilities in Endpoint Central, advancing towards autonomous endpoint management

ManageEngine introduces DEX capabilities in Endpoint Central, advancing towards autonomous endpoint management

START - UP
View All
Ex-Twitter CEO Parag Agrawal Unveils AI-Focused Startup Parallel Web Systems

Ex-Twitter CEO Parag Agrawal Unveils AI-Focused Startup Parallel Web Systems

Travel tech startup Teleport acquired by StampMyVisa

Travel tech startup Teleport acquired by StampMyVisa

Tally Solutions launches ‘Startup Challenge’ to boost innovation in manufacturing tech

Tally Solutions launches ‘Startup Challenge’ to boost innovation in manufacturing tech

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
Start-Up and Unicorn Ecosystem
1-Hour Disappearing Messages on WhatsApp

1-Hour Disappearing Messages on WhatsApp

OpenAI Distributes 5 Lakh Free ChatGPT Licenses in India, Sparks Debate

OpenAI Distributes 5 Lakh Free ChatGPT Licenses in India, Sparks Debate

AI and Efficiency Drive $70B Indian SaaS Marke

AI and Efficiency Drive $70B Indian SaaS Marke

Gaming Bill 2025 Passed, Industry in Crisis

Gaming Bill 2025 Passed, Industry in Crisis

DPDP Act Leaves RTI Intact

DPDP Act Leaves RTI Intact

AI-Powered Cataloging Boosts Accuracy and Speed

AI-Powered Cataloging Boosts Accuracy and Speed

RBI Report on Free AI: Advancing Trust in Finance

RBI Report on Free AI: Advancing Trust in Finance

Big Tech’s Talent War

Big Tech’s Talent War

The Global AI Infrastructure Battle

The Global AI Infrastructure Battle

Screen Overuse Fuels Rising Childhood Myopia

Screen Overuse Fuels Rising Childhood Myopia

dsf