Palo Alto Investigates Data Theft After Hackers Exploit Stolen OAuth Tokens - Palo Alto Networks (NASDAQ:PANW)
Threat actor UNC6395 exploited stolen OAuth tokens from Salesloft Drift to access Salesforce data across hundreds of organizations, exposing sensitive credentials and customer information.
- Between Aug. 8 and Aug. 18, Salesloft's Drift application suffered an intrusion affecting OAuth credentials, and Palo Alto Networks and Zscaler confirmed they were among hundreds impacted via Salesforce.
- Google Threat Intelligence traced the activity to UNC6395, which used compromised OAuth tokens tied to Salesloft Drift to harvest AWS access keys and Snowflake-related access tokens from Salesforce data on Tuesday.
- Cloudflare said its review found 104 Cloudflare API tokens and that exfiltrated data mainly included Salesforce case objects with support-ticket text and configuration details, not attachments.
- Companies disabled the Drift integration, revoked OAuth tokens, and notified exposed customers directly, while Cloudflare urged credential rotation, saying it would "strongly urge you to rotate any credentials that you may have shared with us through this channel."
- Cyble reported supply-chain attacks have doubled in recent months, and last week TransUnion disclosed a Salesforce-related incident exposing data of 4.4 million customers.
24 Articles
Salesloft Drift attacks hit Cloudflare, Palo Alto Networks, Zscaler
Multiple security and technology companies have been swept up in a far-reaching attack spree originating at Salesloft Drift, including Cloudflare, PagerDuty, Palo Alto Networks, SpyCloud and Zscaler. Victim organizations continue to come forward as customers of the third-party AI chat agent hunt for evidence of compromise or receive notices from Salesloft and other companies involved in response, recovery and ongoing attack investigations. Sal…
Palo Alto Investigates Data Theft After Hackers Exploit Stolen OAuth Tokens - Palo Alto Networks (NASDAQ:PANW)
Palo Alto Networks (NASDAQ:PANW) confirmed a data breach after attackers used stolen OAuth tokens from the Salesloft Drift compromise to access its Salesforce Inc (NYSE:CRM) system. The attackers exfiltrated business contact details, sales records and support case comments but did not compromise any products, services, or internal systems. The breach was part of a larger suppl…
Salesloft Drift Breach Rolls Up Cloudflare, Palo Alto, Zscaler, and Others
Cloudflare, Palo Alto Networks, and Zscaler are the latest among hundreds of victims of an expanding data-stealing attack by the UNC6395 threat group that is exploiting compromised OAuth tokens associated with Salesloft's Drift app to access organizations' Salesforce tenants and exfiltrate customer data. The post Salesloft Drift Breach Rolls Up Cloudflare, Palo Alto, Zscaler, and Others appeared first on Security Boulevard.