市值: $2.1666T 1.52%
成交额(24h): $61.6858B -27.15%
  • 市值: $2.1666T 1.52%
  • 成交额(24h): $61.6858B -27.15%
  • 恐惧与贪婪指数:
  • 市值: $2.1666T 1.52%
加密货币
话题
百科
资讯
加密话题
视频
热门新闻
加密货币
话题
百科
资讯
加密话题
视频
bitcoin
bitcoin

$87959.907984 USD

1.34%

ethereum
ethereum

$2920.497338 USD

3.04%

tether
tether

$0.999775 USD

0.00%

xrp
xrp

$2.237324 USD

8.12%

bnb
bnb

$860.243768 USD

0.90%

solana
solana

$138.089498 USD

5.43%

usd-coin
usd-coin

$0.999807 USD

0.01%

tron
tron

$0.272801 USD

-1.53%

dogecoin
dogecoin

$0.150904 USD

2.96%

cardano
cardano

$0.421635 USD

1.97%

hyperliquid
hyperliquid

$32.152445 USD

2.23%

bitcoin-cash
bitcoin-cash

$533.301069 USD

-1.94%

chainlink
chainlink

$12.953417 USD

2.68%

unus-sed-leo
unus-sed-leo

$9.535951 USD

0.73%

zcash
zcash

$521.483386 USD

-2.87%

加密货币新闻

SalesLoft,Drift和Data Theft:唤醒云安全性的唤醒电话

2025/09/02 02:40

针对Salesforce和Google Workspace的广泛数据盗用广告系列通过Salesloft的Drift应用程序揭示了相互联系的云服务的漏洞。你能做什么?

SalesLoft,Drift和Data Theft:唤醒云安全性的唤醒电话

Hold on to your hats, folks! A recent security snafu involving Salesloft and Drift has the tech world buzzing. Turns out, a data theft campaign initially targeting Salesforce integrations has broader implications, potentially compromising Google Workspace accounts and other linked systems. It’s a wild ride, so buckle up!

抓住你的帽子,伙计们!涉及SalesLoft和Drift的最新安全性SNAFU引起了科技界的嗡嗡声。事实证明,最初针对Salesforce集成的数据盗窃活动具有更广泛的影响,可能损害Google Workspace帐户和其他链接系统。这是一次疯狂的旅程,所以搭扣了!

The Lowdown on the Salesloft/Drift Debacle

Salesloft/Drift崩溃的低点

Google's Threat Intelligence Group (GTIG) dropped a bombshell, warning of a large-scale data theft campaign by the criminal group UNC6395. Initially, the attacks appeared to affect Salesforce instances connected to Salesloft Drift. However, new analysis shows that other systems connected to Salesloft Drift are also at risk. All authentication tokens associated with the Drift platform must be considered compromised. Between August 8 and at least August 18, 2025, members of UNC6395 systematically copied large amounts of data from Salesforce instances of companies. To do so, they gained access using compromised OAuth tokens originating from the AI platform Salesloft Drift.

Google的威胁情报集团(GTIG)放弃了重磅炸弹,警告犯罪集团UNC6395的大规模数据盗用活动。最初,攻击似乎会影响与SalesLoft Drift连接的Salesforce实例。但是,新的分析表明,与SalesLoft Drift连接的其他系统也处于危险之中。与漂移平台相关的所有身份验证令牌必须被视为妥协。在2025年8月8日至8月18日之间,UNC6395的成员系统地从公司实例中复制了大量数据。为此,他们使用源自AI平台Salesloft Drift的受损的Oauth代币获得了访问权限。

The Expanding Scope: It's Not Just Salesforce Anymore

扩大的范围:不仅仅是Salesforce

What started as a targeted assault on Salesloft has ballooned into a widespread campaign, where hackers impersonated legitimate users to siphon data from third-party platforms. According to reports, the attackers used the stolen credentials to access not just CRM data but also email contents, expanding the scope beyond what was initially disclosed. The scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations.

最初是对SalesLoft有针对性的攻击,已经激怒了广泛的广告系列,黑客将合法用户冒充了来自第三方平台的siphon数据。据报道,攻击者使用被盗的凭证不仅访问CRM数据,还可以访问电子邮件内容,从而将范围扩展到了最初披露的范围之外。此妥协的范围并不是Salesforce与SalesLoft Drift的集成并影响其他集成的范围。

How Did They Do It? OAuth Token Shenanigans

他们是怎么做到的? Oauth令牌恶作剧

These threat actors stole OAuth tokens from Salesloft’s Drift, a tool used for sales engagement and customer relationship management. These tokens were then leveraged to infiltrate connected services, including Salesforce instances and, alarmingly, select Google Workspace email accounts. The attackers’ strategy involved compromising Salesloft’s Drift OAuth tokens, which granted them persistent access to integrated apps without needing direct passwords. This allowed unauthorized queries to Salesforce APIs and Workspace inboxes, potentially exposing customer records, emails, and proprietary information.

这些威胁参与者从Salesloft的Drift偷走了Oauth代币,这是一种用于销售参与和客户关系管理的工具。然后将这些令牌利用为渗透连接的服务,包括Salesforce实例,并令人震惊地选择Google Workspace电子邮件帐户。攻击者的策略涉及损害SalesLoft的Drift Oauth代币,这使他们持续访问集成应用程序而无需直接密码。这允许未经授权的查询来销售Force API和Workspace收件箱,可能会揭示客户记录,电子邮件和专有信息。

The Aftermath: What’s Being Done?

后果:正在做什么?

Google swiftly revoked all compromised tokens and disabled affected integrations, a move that Salesforce mirrored to contain the damage. Salesloft notified customers who manage their own Drift connections to third-party applications via API keys to revoke these keys and reconnect using new keys.

Google迅速撤销了所有受损的令牌和残疾人的积分,Salesforce镜像以控制损坏的举动。 SalesLoft通知客户,他们通过API密钥来管理自己的漂移连接到第三方应用程序,以撤销这些键并使用新密钥重新连接。

Lessons Learned: Time for a Security Overhaul

经验教训:进行安全大修的时间

This breach serves as a stark reminder of the perils in third-party integrations. OAuth tokens, while efficient, lack robust revocation mechanisms in many setups, allowing attackers to maintain access post-compromise. To mitigate future risks, experts recommend adopting zero-trust models that verify every access request, regardless of origin. Organizations should audit all connected apps and implement multi-factor authentication more stringently. Google’s advisory stresses treating all Salesloft-linked tokens as compromised and rotating them immediately.

这种违规行为明显地提醒了第三方整合中的危险。 Oauth代币虽然有效,但在许多设置中都缺乏强大的撤销机制,从而使攻击者能够维持访问后的副业。为了减轻未来的风险,专家建议采用零信任模型来验证每个访问请求,而不论其原点如何。组织应审核所有连接的应用程序,并更严格地实现多因素身份验证。 Google的咨询强调,将所有与SalesLoft连接的代币视为妥协并立即旋转。

My Two Cents

我的两分钱

Let’s be real, this whole situation is a bit of a mess. The fact that a breach in one platform can cascade into others highlights the interconnectedness—and potential vulnerabilities—of modern cloud ecosystems. I think the industry needs to take a long, hard look at OAuth security and implement more robust safeguards. Otherwise, we’re just playing whack-a-mole with these breaches.

真实地说,整个情况有点混乱。一个平台中的漏洞可以级联到其他平台中,这突出了现代云生态系统的相互联系以及潜在的脆弱性。我认为该行业需要对OAUTH安全进行漫长而艰苦的研究,并实施更强大的保障措施。否则,我们只是用这些漏洞打摩尔。

Wrapping Up: Stay Vigilant, Folks!

总结:保持警惕,伙计们!

So, there you have it. The Salesloft/Drift data theft campaign is a wake-up call for anyone relying on cloud integrations. Keep those security protocols tight, stay informed, and maybe double-check those third-party connections. After all, in the world of cybersecurity, paranoia is just good sense. Stay safe out there!

所以,你有。 SalesLoft/Drift Data That Fact活动是依靠云集成的任何人的警钟。保持这些安全协议紧密,了解这些第三方连接,并仔细检查这些安全协议。毕竟,在网络安全世界中,偏执狂只是很好的感觉。在那里安全!

原文来源:heise

免责声明:info@kdj.com

所提供的信息并非交易建议。根据本文提供的信息进行的任何投资,kdj.com不承担任何责任。加密货币具有高波动性,强烈建议您深入研究后,谨慎投资!

如您认为本网站上使用的内容侵犯了您的版权,请立即联系我们(info@kdj.com),我们将及时删除。

2026年07月05日 发表的其他文章