Palo Alto Networks breached in Supply Chain Attack

[Image: Palo Alto Networks. Image source: Michael Vi/Shutterstock.com]

Palo Alto Networks, the largest cybersecurity company by market capitalization, has also been affected by the large-scale supply chain attack on Salesforce systems and has confirmed a data leak.

As BleepingComputer reports, Palo Alto Networks is among the hundreds of companies whose Salesforce instances were compromised in the attacks. The attackers used hijacked OAuth access tokens belonging to the AI marketing platform Salesloft Drift as their entry point.

Customer data and support tickets leaked

Palo Alto states that it quickly contained the incident and removed the Drift app from its own infrastructure. The company's own products, systems and services were not affected.

According to the customer notification, the compromised information mainly includes business contact details such as names, contact information, company attributes and basic support case details. “Technical support files or attachments to customer support cases were not part of the data exfiltration,” the letter states.

ShinyHunters claims authorship

The hacker group ShinyHunters and other cyber criminals claim responsibility for the series of attacks. In addition to Palo Alto Networks, Google, Victoria’s Secret, Zscaler, TransUnion, Farmers Insurance, Air France, KLM and other large companies were also hit.

Unit 42 sounds the alarm

On Tuesday, Palo Alto's cyber threat intelligence team Unit 42 issued an urgent security alert. The threat actors had extracted massive amounts of sensitive data from various Salesforce objects, including Account, Contact, Case and Opportunity records.

“Organizations with Salesloft Drift integration should make this incident a top priority,” warns Palo Alto.

Emergency measures recommended

The security experts advise immediate action: enumerate and investigate all Drift API connections, review authentication activity and Salesforce logs for suspicious events, and rotate every credential that may have been exposed.

“This includes Salesforce API keys, Connected App credentials and all other system access from the compromised data,” says the cybersecurity group. Companies should also be wary of social engineering attempts as a result of the data breach.
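As an added illustration of the first two steps above (enumerate Drift connections, review Salesforce authentication activity), and not code from the article or from Palo Alto Networks: a small Python triage over a constructed LoginHistory-style export that flags Drift-attributed logins coming from an address outside the integration's expected range, or occurring after the app was supposed to have been removed. The field names follow Salesforce's LoginHistory object; the sample records, the expected IP range and the removal timestamp are assumptions made for the example.

```python
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed sample export. Field names mirror Salesforce's LoginHistory
# object (LoginTime, UserId, SourceIp, Application, Status); all values are
# invented for this example.
SAMPLE_LOGINS = [
    {"LoginTime": "2025-08-10T09:12:00Z", "UserId": "005EXAMPLE0001",
     "SourceIp": "203.0.113.10", "Application": "Salesloft Drift", "Status": "Success"},
    {"LoginTime": "2025-08-12T02:47:00Z", "UserId": "005EXAMPLE0001",
     "SourceIp": "198.51.100.77", "Application": "Salesloft Drift", "Status": "Success"},
    {"LoginTime": "2025-08-20T11:05:00Z", "UserId": "005EXAMPLE0002",
     "SourceIp": "192.0.2.8", "Application": "Browser", "Status": "Success"},
    {"LoginTime": "2025-08-28T16:30:00Z", "UserId": "005EXAMPLE0001",
     "SourceIp": "203.0.113.10", "Application": "Salesloft Drift", "Status": "Success"},
]

# Assumptions: the address range the Drift integration normally used, and the
# moment the connected app was removed and its token revoked (both constructed).
EXPECTED_DRIFT_RANGES = [ip_network("203.0.113.0/24")]
DRIFT_REMOVED_AT = datetime(2025, 8, 25, tzinfo=timezone.utc)


def _parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_drift_login(record):
    """Attribute a login to the Drift integration by application name."""
    return "drift" in record.get("Application", "").lower()


def flag_drift_logins(records, known_ranges=EXPECTED_DRIFT_RANGES, removed_at=DRIFT_REMOVED_AT):
    """Return (LoginTime, SourceIp, reasons) for Drift logins that need a closer
    look: an unfamiliar source address, or activity after the app was removed.
    Either suggests the integration's token is being used outside its intended scope."""
    flagged = []
    for rec in records:
        if not is_drift_login(rec):
            continue
        reasons = []
        src = ip_address(rec["SourceIp"])
        if not any(src in net for net in known_ranges):
            reasons.append("unexpected_source_ip")
        if _parse_time(rec["LoginTime"]) >= removed_at:
            reasons.append("login_after_app_removal")
        if reasons:
            flagged.append((rec["LoginTime"], rec["SourceIp"], reasons))
    return flagged
```

Each flagged row points at a token use worth correlating with API and bulk-query events for the same user before credentials are rotated.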

Lars Becker, Editor, IT Verlag GmbH
