Salesloft said it violated its GitHub account in March, allowing hackers to steal authentication tokens, which were later used in mass currencies targeting several of its large tech customers.
Salesloft cited Google incident response unit Mandiant’s investigation Its data breach page The yet-unnamed hacker accessed SalesLoft’s GitHub account and conducted a scout from March to June, which allowed them to download “content from multiple repositories, add guest users and build workflows.”
The timeline raises new questions about the company’s safety posture, including why it takes about six months to detect an intrusion.
Salesloft said the event is now “included”.
Contact Us
Do you have more information about these data breaches? With non-working devices, you can contact Lorenzo Franceschi-bicchierai in a signal of +1 917 257 1382 or via Telegram and Keybase @lorenzofb or e-mail. You can also Security.
After hackers broke into their GitHub account, the company said the hackers visited the Amazon Web Services cloud environment of Drift, a marketing platform powered by Salesloft AI and chatbots, which allowed them to steal Oauth Tokens for Drift’s customers. Oauth Is the standard that allows users to authorize an application or service to connect to another application. By relying on Oauth, Drift can integrate with platforms such as Salesforce to interact with website visitors.
In stealing these tokens, threat actors violated several sales ship customers such as Bugcrowd, Cloudflare, Google, ProofPoint, Palo Alto Networks and Tenable, etc.many of them may still be unknown.
Google’s Threat Intelligence Team Revealing supply chain rupture In late August, it was attributed to a hacker group it called UNC6395.
TechCrunch Events
San Francisco
|
October 27-29, 2025
Cybersecurity Publications dataabreaches.net and Angry computer Previous reports said the hackers behind the violation were prolific hackers known as Shinyhunters. The hacker is believed to have tried to blackmail the victim by contacting him privately.
By accessing Salesloft tokens, hackers access Salesforce instances, where they stole sensitive data contained in support tickets. “The main goal of the actor is to steal credentials, focusing specifically on sensitive information such as AWS access keys, passwords, and access tokens related to snowflakes,” Salesloft explain August 26.
SalesLoft explain Its integration with Salesforce has now been restored on Sunday.
