ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks

What’s new
The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. The group has been targeting Salesforce customers for data theft over the past year, leveraging social engineering and malicious OAuth applications. The stolen data includes sensitive information from Salesforce object tables such as Account, Contact, Case, Opportunity, and User. The threat actors have also claimed to have breached Google’s Law Enforcement Request system, although Google confirmed no data was accessed through this fraudulent account.
Who’s affected
Approximately 760 companies using Salesforce, including major firms like Google, Cloudflare, and Zscaler, are impacted by this data breach. The stolen records include sensitive customer information, particularly from support tickets stored in the Case table.
What to do
- Implement multi-factor authentication (MFA) for Salesforce accounts.
- Enforce the principle of least privilege for user access.
- Carefully manage and review connected applications to Salesforce.
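
The following is an added example, not part of the original article or any vendor tooling. It shows one way to run the connected-app review recommended above: each OAuth grant is checked against a per-app allowlist of the object tables it needs, and broad scopes and long-idle grants are flagged. The export format, column names, app names and dates are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample export of connected-app OAuth grants. The column names
# are assumptions for this example, not a Salesforce schema.
SAMPLE_EXPORT = """\
app_name,user,scopes,last_used,objects_read
ChatWidget,integration@example.com,api refresh_token,2025-09-10,Contact;Case;Account;Opportunity;User
CalendarSync,alice@example.com,api,2025-09-12,Contact
OldReporting,bob@example.com,api refresh_token,2025-03-02,Account;Opportunity
QuickExport,carol@example.com,full,2025-09-11,Case;User
"""

# Hypothetical least-privilege policy: the object tables each approved app needs.
APPROVED = {
    "ChatWidget": {"Contact", "Case"},
    "CalendarSync": {"Contact"},
    "OldReporting": {"Account", "Opportunity"},
}
BROAD_SCOPES = {"full"}   # scopes that grant far more than API access to a few tables
STALE_DAYS = 90           # grants idle longer than this are candidates for revocation


def review(export_text, today):
    """Return {app_name: [finding, ...]} for grants that need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        app, issues = row["app_name"], []
        scopes = set(row["scopes"].split())
        objects = {o for o in row["objects_read"].split(";") if o}
        if app not in APPROVED:
            issues.append("not on the approved list")
        else:
            extra = sorted(objects - APPROVED[app])
            if extra:
                issues.append("reads beyond its need: " + ", ".join(extra))
        if scopes & BROAD_SCOPES:
            issues.append("broad scope: " + ", ".join(sorted(scopes & BROAD_SCOPES)))
        idle = (today - date.fromisoformat(row["last_used"])).days
        if idle > STALE_DAYS:
            issues.append(f"unused for {idle} days")
        if issues:
            findings[app] = issues
    return findings


if __name__ == "__main__":
    for app, issues in review(SAMPLE_EXPORT, date(2025, 9, 15)).items():
        print(f"{app}: " + "; ".join(issues))
```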