Zscaler has disclosed a security incident tied to Salesloft Drift, a marketing automation service used by many Salesforce customers.
The company has confirmed that attackers stole OAuth tokens issued to Drift and used them to access a subset of Zscaler's Salesforce data. Zscaler was one of many organizations affected by the same campaign.
Zscaler stressed that its own products, services, and core infrastructure were not touched, and that the breach was confined to its Salesforce instance.
What was exposed? Mostly business contact details: names, email addresses, job titles, phone numbers, and regional information. Some Salesforce-stored commercial content was also accessed, including licensing and commercial details, along with the plain-text body of certain support cases. Files and attachments were not affected.
Zscaler says it has found zero evidence of misuse, but it isn’t ruling anything out. “If anything changes, we will provide further communications and updates,” the statement noted.
What Did Zscaler Do?
Zscaler said it acted quickly to contain the incident and mitigate the risk. Steps taken include:
- Revoking Salesloft Drift's access to Zscaler's Salesforce data.
- Rotating other API access tokens, out of an abundance of caution.
- Launching a detailed investigation into the scope of the event, working closely with Salesforce to assess and understand the impact as the investigation continues.
- Implementing additional safeguards and strengthening protocols to defend against similar incidents in the future.
- Immediately launching a third-party risk management review of the vendors Zscaler uses.
- Strengthening the customer authentication protocol that Zscaler's Customer Support team applies when responding to customer calls, to protect against phishing attempts that exploit the stolen contact details.
Customers are advised to remain alert to phishing and social engineering, particularly because the stolen data (accurate names, titles, phone numbers, and in some cases the text of support cases) lets an attacker make a scam look natural and convincing. Organizations that connect Drift to their own Salesforce instances should consider the same first two steps Zscaler took: revoke the Drift connected app's access and rotate any API tokens that could have been exposed.
Always verify who is reaching out before you respond, and remember that Zscaler will never ask for passwords or authentication codes by phone, SMS, or email.
Zscaler added: “Given that other organizations have suffered similar incidents stemming from Salesloft Drift, it’s crucial to exercise caution regarding unsolicited communications, including emails, phone calls, or requests for sensitive information. Always verify the source of communication and never disclose passwords or financial data via unofficial channels.”
For those with questions, support channels remain open. Customers can visit help.zscaler.com or email [email protected].
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.