Salesloft Drift Breach Timeline: What You Need to Know

2025/09/13 04:08

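An in-depth look at the Salesloft Drift breach, its timeline, and its broad impact on cybersecurity companies. Learn about this critical supply chain attack.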

The Salesloft Drift breach sent shockwaves through the cybersecurity world. With over 700 organizations affected, understanding the timeline and impact is crucial. Here's a breakdown of what happened.

The Breach: A Timeline of Events

The Salesloft Drift breach is a complex story unfolding over several months. Here's a simplified timeline:

  • March 2025: Threat actors compromise Salesloft's GitHub account.
  • March - June 2025: Attackers download repository data and conduct reconnaissance on Salesloft and Drift environments.
  • August 8-18, 2025: Using stolen OAuth tokens, attackers access and exfiltrate data from customer Salesforce instances.
  • August 20, 2025: Salesloft and Salesforce revoke connections between Drift and Salesforce.
  • August 26, 2025: Companies announce unauthorized access. Google warns of credential theft.
  • August 28, 2025: Salesloft begins investigation with Mandiant.
  • September 2-8, 2025: Cybersecurity firms including Palo Alto Networks, Zscaler, Cloudflare, Proofpoint, Tenable, Qualys, Rubrik, SpyCloud, BeyondTrust, CyberArk, Elastic, Dynatrace, Cato Networks and Bugcrowd disclose they were victims.
  • September 6, 2025: Salesloft confirms GitHub compromise as the initial attack vector.
  • September 8, 2025: Salesforce restores integration with Salesloft (excluding Drift).

Key Insights and Takeaways

The Salesloft Drift breach underscores several critical points:

  • Supply Chain Risks: Third-party integrations, especially in SaaS environments, introduce significant risks.
  • OAuth Token Security: Stolen OAuth tokens are a powerful attack vector, granting access without triggering typical alerts.
  • Importance of Incident Response: Swift action, including isolating infrastructure and rotating credentials, is crucial in containing breaches.
  • GitHub as a Target: This incident highlights the growing trend of attackers targeting code repositories like GitHub.

The Impact on Cybersecurity Companies

A particularly alarming aspect of this breach is the number of cybersecurity companies affected, including Cloudflare, Zscaler, Palo Alto Networks and many others. This suggests a deliberate targeting of organizations with access to sensitive data and security infrastructure. While these companies took quick action to mitigate impact on products and services, the potential reputational damage and cost of remediation are substantial.

My Two Cents: A Wake-Up Call

The Salesloft Drift breach serves as a potent reminder of the interconnectedness of the modern SaaS ecosystem. It's no longer enough to focus solely on your own security posture; you must also rigorously assess the security practices of your vendors. Assume compromise and ensure proper segmentation and monitoring are in place. Ignoring the reality of supply chain risk is a recipe for disaster.

Salesforce Restores Salesloft Integration

After investigation, Salesforce has restored integration with the Salesloft platform, while the Drift component remains disabled. The incident highlights the potential fallout of third-party application integrations, particularly with popular tools such as Salesloft and Drift.

What's Next?

The investigation into the Salesloft Drift breach is ongoing. Expect further disclosures and analysis as more details emerge. In the meantime, take this as a learning opportunity to bolster your own security defenses.

So, yeah, maybe double-check those third-party app permissions? Just a thought. Stay safe out there, folks!

Original source: techtarget
