
Zscaler Data Breach Exposes Info

September 2, 2025

Zscaler has issued an advisory warning that its Salesforce instance was affected by a supply-chain attack, resulting in the exposure of customer information. This breach is linked to the compromise of Salesloft Drift, an AI chat agent, which was exploited by a threat actor to gain access to customer Salesforce environments. The stolen data includes names, business email addresses, job titles, phone numbers, and content from certain support cases. Zscaler emphasizes that its core products and infrastructure remain secure, with the breach limited to its Salesforce environment. The company has taken immediate action, revoking all Salesloft Drift integrations, rotating API tokens, and enhancing its customer authentication protocols to mitigate further risk.

The threat actor behind these attacks is tracked as UNC6395 by Google Threat Intelligence. This group has been targeting support cases to harvest authentication tokens, passwords, and other secrets shared by customers. The attackers demonstrate operational security awareness by deleting query jobs, though logs remain unaffected. Google’s investigation revealed that the supply-chain attack extended beyond the Drift Salesforce integration to include Drift Email, which manages email replies and CRM databases. The attackers also used stolen OAuth tokens to access Google Workspace email accounts and read emails, underscoring the severity and scope of the campaign.

The Salesloft Drift compromise is believed by some researchers to overlap with recent Salesforce data theft attacks conducted by the ShinyHunters extortion group. This group has been conducting social engineering and voice phishing attacks to trick employees into linking malicious OAuth apps to their company’s Salesforce instances. This method allows them to download sensitive data from targeted organizations. The ongoing nature of these attacks highlights the persistent threat of social engineering and the need for robust security measures to protect against them.

In response to the widespread nature of the breach, both Google and Salesforce have temporarily disabled their Drift integrations. This action is a precautionary measure taken while investigations are ongoing to fully understand the scope and impact of the attack. Zscaler has also recommended that its customers remain vigilant against potential phishing and social engineering attacks that could leverage the stolen information. The incident serves as a critical reminder of the vulnerabilities inherent in third-party integrations and the importance of supply-chain security.

The attacks demonstrate a sophisticated understanding of how to exploit trusted integrations to move laterally within corporate environments and exfiltrate data. The use of compromised support cases to harvest credentials is a particularly insidious method, as it preys on the trust customers place in a company’s support process. The detailed information stolen, including licensing and commercial data, could be used for highly targeted social engineering campaigns. Organizations must therefore not only secure their own infrastructure but also carefully vet and monitor their third-party vendors and their integrations to prevent similar breaches in the future.

Reference:

  • Zscaler Breach Reveals Customer Data Following Salesloft Drift Security Issue