🔍 What Happened
In August 2025, threat actor UNC6395 compromised Salesloft’s Drift AI-powered chatbot integration with Salesforce. By stealing OAuth refresh tokens, the group gained direct access into Salesforce environments across hundreds of organizations.
What did they walk away with?
- Contact data: names, emails, notes.
- Secrets: AWS keys, Snowflake tokens, API credentials.
- Support case data: sometimes sensitive operational detail.
Even worse, attackers deleted job logs after running bulk SOQL queries, making detection as likely as spotting a ninja in a blackout.
🤔 Why It Happened
The root issue wasn’t Salesforce. It was trust by default.
- Drift, as an AI chatbot, had broad OAuth permissions to Salesforce and other SaaS apps.
- Once compromised, those tokens acted as a VIP pass, bypassing normal security checks.
- In other words: why smash down the castle gate when you can just charm the chatbot holding the keys?
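The over-broad grant described above can be checked mechanically rather than trusted by default. The block below is an added example, not code from the original post or from Salesloft, Drift or Salesforce: it audits a connector's granted OAuth scopes against the operations telemetry actually shows it performing, and against the objects a chatbot has any business reading. Scope names follow Salesforce's OAuth scope vocabulary ("api", "full", "refresh_token", ...), but the operation-to-scope mapping, the usage records and the per-connector object allow-list are assumptions constructed for the example.

```python
"""Right-size a third-party connector's Salesforce OAuth grant from observed use.

Added example for this post; not Salesloft, Drift or Salesforce code. Scope names
follow Salesforce's OAuth scope vocabulary ("api", "full", "refresh_token", ...);
the operation-to-scope mapping, the usage records and the per-connector object
allow-list are constructed for illustration.
"""
from dataclasses import dataclass

# Scopes that confer broad or persistent access. A connector holding one of
# these needs an explicit justification rather than a default "yes".
HIGH_RISK_SCOPES = {"full", "refresh_token", "offline_access"}

# Assumed mapping from an API operation family to the minimum scope it needs.
OPERATION_TO_SCOPE = {
    "rest:query": "api",
    "rest:update": "api",
    "chatter:feed": "chatter_api",
    "identity:userinfo": "id",
    "ui:web": "web",
}


@dataclass
class GrantAudit:
    granted: set             # what the connected app was actually given
    required: set            # the minimum scopes its observed calls need
    recommended: set         # required, plus refresh_token only if unattended
    excess: set              # granted but not recommended: remove these
    high_risk: set           # granted scopes that fall in HIGH_RISK_SCOPES
    unexpected_objects: set  # objects touched outside the connector's allow-list

    def report(self) -> list:
        """Human-readable findings, one per line."""
        lines = []
        if "full" in self.granted:
            lines.append("'full' grants every scope at once; it is never the minimal grant")
        if self.excess:
            lines.append("remove unused scopes: " + ", ".join(sorted(self.excess)))
        if self.unexpected_objects:
            lines.append("restrict the integration user's object access; saw: "
                         + ", ".join(sorted(self.unexpected_objects)))
        if "refresh_token" in self.recommended:
            lines.append("refresh_token kept: bound its lifetime and rotate it on use")
        return lines


def audit_connector(granted, observed, allowed_objects, unattended):
    """observed: (operation, sobject) pairs seen in telemetry. unattended: does
    the integration run with no user present (true for a server-side sync)?"""
    required = {OPERATION_TO_SCOPE[op] for op, _ in observed if op in OPERATION_TO_SCOPE}
    recommended = set(required)
    if unattended:
        # A genuinely unattended sync needs a refresh token; keep it, but the
        # report pairs it with a lifetime/rotation requirement.
        recommended.add("refresh_token")
    return GrantAudit(
        granted=set(granted),
        required=required,
        recommended=recommended,
        excess=set(granted) - recommended,
        high_risk=set(granted) & HIGH_RISK_SCOPES,
        unexpected_objects={obj for _, obj in observed if obj not in allowed_objects},
    )


# Constructed scenario: a chatbot connector granted far more than it uses.
CHATBOT_GRANT = {"full", "api", "web", "chatter_api", "refresh_token"}
CHATBOT_ALLOWED_OBJECTS = {"Lead", "Contact"}
OBSERVED_CALLS = [                  # constructed telemetry, not real data
    ("rest:query", "Lead"),
    ("rest:update", "Lead"),
    ("rest:query", "Contact"),
    ("rest:query", "Case"),         # a chatbot has no business here
    ("rest:query", "Account"),
]


def chatbot_audit() -> GrantAudit:
    return audit_connector(CHATBOT_GRANT, OBSERVED_CALLS, CHATBOT_ALLOWED_OBJECTS, unattended=True)


if __name__ == "__main__":
    for line in chatbot_audit().report():
        print(line)
```

On the constructed scenario the audit reduces a five-scope grant to `api` plus a justified `refresh_token`, and separately flags `Case` and `Account` reads that scope alone would never have blocked: scope right-sizing and object-level restriction on the integration user are two different controls, and the post's "VIP pass" problem needs both.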
🛠️ Why It Happened That Way
Attackers weren’t improvising — they had a playbook.
| Tactic | Why It Worked |
|---|---|
| Compromise Drift (AI chatbot app) | Held wide OAuth permissions into Salesforce |
| Steal OAuth refresh tokens | Long-lived tokens = persistent access |
| Run bulk SOQL queries | Automated data harvest, “low noise” |
| Delete job logs | Evade detection — defenders blindfolded |
| Target high-value vendors | Zscaler, Palo Alto, Cloudflare, Proofpoint → fourth-party fallout |
This wasn’t just a breach — it was an ecosystem hack, weaponizing integration trust chains.
🕵️ Who Did It
- UNC6395: Primary attribution (tracked by Google GTIG, Mandiant, Unit42).
- ShinyHunters: Claimed credit, but think of them as that guy who brags at the bar about “totally being in the heist” — with no proof.
Victims (so far):
- Security heavyweights: Zscaler, Palo Alto Networks, Cloudflare, Proofpoint, Tanium, Tenable, CyberArk, BeyondTrust, Elastic, JFrog.
- Enterprises across finance, tech, retail, healthcare, and government.
- Even Google’s own Salesforce instance was brushed by this.
When your defenders get breached, you know the attack vector was crafty.
🛡️ What We Did About It
Immediate
- Salesloft & Salesforce: revoked Drift tokens, pulled the app from AppExchange.
- Victims: rotated keys, disabled integrations, launched IR investigations.
Strategic (Threat-Led Takeaways)
| Lesson | Why It Matters |
|---|---|
| Treat OAuth tokens as crown jewels | They bypass MFA and normal access controls. |
| Apply least privilege to connectors | Drift didn’t need “super admin” into everything. |
| Monitor integration telemetry | Watch for unusual token use, SOQL bulk jobs, deleted logs. |
| Model fourth-party fallout | If your vendor (e.g., Zscaler) is hit, assume risk to your customers too. |
| Add AI connectors into threat models | Convenience ≠ harmless. Chatbots can be beachheads. |
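The "monitor integration telemetry" row is the one most teams find hardest to make concrete, so here is an added example of what those three checks look like as detection logic over sample events. It is not code from the original post or from Salesloft or Salesforce: the records mimic the kind of data Salesforce Event Monitoring and Bulk API job history expose (token refreshes, bulk query jobs, job deletions), but every field name, IP address, baseline value and timestamp is constructed for the example and simplified from any real schema.

```python
"""Detection rules for SaaS-integration telemetry, run over constructed events.

Added example for this post; not Salesloft or Salesforce code. The records mimic
the kind of data Salesforce Event Monitoring and Bulk API job history expose
(token refreshes, bulk query jobs, job deletions), but every field name and value
here is constructed and simplified, not Salesforce's actual schema.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Per-connector baseline a defender maintains from normal operation (constructed).
BASELINE = {
    "drift": {
        "known_ips": {"198.51.100.10"},     # where the vendor normally calls from
        "objects": {"Lead", "Contact"},     # objects it is expected to read
        "bulk_jobs_per_hour": 2,            # normal bulk query volume
    },
}
SENSITIVE_OBJECTS = {"Case", "Account", "Opportunity"}
DELETE_AFTER_QUERY_WINDOW = timedelta(minutes=30)

# Constructed sample telemetry: a quiet morning, then an evening sequence of the
# shape the post describes (new source, bulk harvest, job logs deleted).
EVENTS = [
    {"ts": "2025-08-08T09:00:00Z", "event": "oauth_refresh", "client": "drift", "ip": "198.51.100.10"},
    {"ts": "2025-08-08T09:05:00Z", "event": "bulk_job_create", "client": "drift", "job_id": "J1", "op": "query", "object": "Lead"},
    {"ts": "2025-08-08T22:00:00Z", "event": "oauth_refresh", "client": "drift", "ip": "203.0.113.7"},
    {"ts": "2025-08-08T22:01:00Z", "event": "bulk_job_create", "client": "drift", "job_id": "J2", "op": "query", "object": "Case"},
    {"ts": "2025-08-08T22:02:00Z", "event": "bulk_job_create", "client": "drift", "job_id": "J3", "op": "query", "object": "Account"},
    {"ts": "2025-08-08T22:03:00Z", "event": "bulk_job_create", "client": "drift", "job_id": "J4", "op": "query", "object": "Contact"},
    {"ts": "2025-08-08T22:10:00Z", "event": "bulk_job_delete", "client": "drift", "job_id": "J2"},
    {"ts": "2025-08-08T22:10:05Z", "event": "bulk_job_delete", "client": "drift", "job_id": "J3"},
]


@dataclass
class Alert:
    rule: str
    client: str
    ts: str
    detail: str


def _parse(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect(events, baseline=BASELINE):
    """Apply the three checks from the lessons table: unusual token use, bulk
    SOQL jobs outside the baseline, and job logs deleted soon after a query."""
    alerts = []
    jobs = {}                          # job_id -> (object, created_at)
    per_hour = defaultdict(int)        # (client, hour) -> bulk query jobs seen
    for ev in sorted(events, key=lambda e: e["ts"]):
        client, t, kind = ev["client"], _parse(ev["ts"]), ev["event"]
        base = baseline.get(client, {})   # an unknown connector has no known IPs
        if kind == "oauth_refresh" and ev["ip"] not in base.get("known_ips", set()):
            alerts.append(Alert("token-new-source", client, ev["ts"], f"refresh from {ev['ip']}"))
        elif kind == "bulk_job_create" and ev["op"] == "query":
            jobs[ev["job_id"]] = (ev["object"], t)
            if ev["object"] not in base.get("objects", set()):
                kind_of = "sensitive" if ev["object"] in SENSITIVE_OBJECTS else "unexpected"
                alerts.append(Alert(f"bulk-query-{kind_of}-object", client, ev["ts"], ev["object"]))
            hour = (client, t.replace(minute=0, second=0))
            per_hour[hour] += 1
            limit = base.get("bulk_jobs_per_hour", 0)
            if per_hour[hour] == limit + 1:    # fire once per hour, on crossing
                alerts.append(Alert("bulk-volume-spike", client, ev["ts"], f"more than {limit} query jobs this hour"))
        elif kind == "bulk_job_delete" and ev["job_id"] in jobs:
            obj, created = jobs[ev["job_id"]]
            age = t - created
            if age <= DELETE_AFTER_QUERY_WINDOW:
                minutes = int(age.total_seconds() // 60)
                alerts.append(Alert("job-log-deleted-after-query", client, ev["ts"],
                                    f"{ev['job_id']} ({obj}) deleted {minutes} min after creation"))
    return alerts


def run_sample():
    return detect(EVENTS)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.ts} {a.rule:30} {a.client} {a.detail}")
```

The morning events produce nothing; the evening sequence produces six alerts, and the delete-after-query rule is the one worth building first, because a connector that removes its own job history minutes after a bulk read has no benign explanation. To run this against real data, map your platform's event fields onto the constructed ones and seed the baseline from a few weeks of normal traffic per connector.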
😏 Wrap-Up
This breach is the cybersecurity version of “My friend’s cousin’s dog ate my homework.” Except here, it was:
“My vendor’s AI chatbot got popped, so now my Salesforce data — and my customers’ data — is out in the wild.”
The lesson? In 2025, it’s not enough to harden your castle walls. You also need to vet the chatty little AI squire holding the drawbridge ropes.
📚 References
- SOCRadar: Salesloft Drift Breach – Everything You Need to Know (IOCs)
- Palo Alto Unit42: Threat Brief – Compromised Salesforce Instances
- SecurityWeek: More Cybersecurity Firms Hit by Salesloft Drift Breach
- TechRadar: Palo Alto, Zscaler Impacted
- DriftBreach Tracker: List of Affected Companies