{"id":7478,"date":"2025-08-27T22:35:15","date_gmt":"2025-08-28T02:35:15","guid":{"rendered":"https:\/\/hostingdiscussion.com\/news\/?p=7478"},"modified":"2025-08-27T22:08:53","modified_gmt":"2025-08-28T02:08:53","slug":"stolen-drift-oauth-tokens-spark-salesforce-breach-investigations","status":"publish","type":"post","link":"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/","title":{"rendered":"Stolen Drift OAuth tokens spark Salesforce breach investigations"},"content":{"rendered":"<p><a href=\"https:\/\/www.google.com\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Google<\/a> confirmed that attackers hijacked OAuth tokens from Salesloft\u2019s Drift app to break into\u00a0 <a href=\"https:\/\/hostingdiscussion.com\/news\/salesforce-google-cloud-forge-2-5b-ai-powered-alliance\/\">Salesforce<\/a> databases, exposing customer credentials and sensitive data. The campaign, active between August 8\u201318, remains distinct from the ShinyHunters attacks on other major firms. Salesforce and Salesloft revoked tokens, pulled Drift from AppExchange, and urged affected customers to rotate credentials and audit for compromised secrets, including API keys and cloud service accounts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google confirmed that attackers hijacked OAuth tokens from Salesloft\u2019s Drift app to break into\u00a0 Salesforce databases, exposing customer credentials and sensitive data. The campaign, active between August 8\u201318, remains distinct from the ShinyHunters attacks on other major firms. Salesforce and Salesloft revoked tokens, pulled Drift from AppExchange, and urged affected customers to rotate credentials and [&hellip;]<\/p>\n","protected":false},"author":20624,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[4368,4369,213,1917,4367],"class_list":["post-7478","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-drift-oauth-token-theft","tag-enterprise-cloud-security","tag-google","tag-salesforce","tag-saleslofts-drift-app"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Stolen Drift OAuth tokens spark Salesforce breach investigations - Web Hosting News<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Stolen Drift OAuth tokens spark Salesforce breach investigations - Web Hosting News\" \/>\n<meta property=\"og:description\" content=\"Google confirmed that attackers hijacked OAuth tokens from Salesloft\u2019s Drift app to break into\u00a0 Salesforce databases, exposing customer credentials and sensitive data. The campaign, active between August 8\u201318, remains distinct from the ShinyHunters attacks on other major firms. Salesforce and Salesloft revoked tokens, pulled Drift from AppExchange, and urged affected customers to rotate credentials and [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/\" \/>\n<meta property=\"og:site_name\" content=\"Web Hosting News\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-28T02:35:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-28T02:08:53+00:00\" \/>\n<meta name=\"author\" content=\"Justine Juyad\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Justine Juyad\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/\",\"url\":\"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/\",\"name\":\"Stolen Drift OAuth tokens spark Salesforce breach investigations - Web Hosting News\",\"isPartOf\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#website\"},\"datePublished\":\"2025-08-28T02:35:15+00:00\",\"dateModified\":\"2025-08-28T02:08:53+00:00\",\"author\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3\"},\"breadcrumb\":{\"@id\":\"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/hostingdiscussion.com\/news\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Stolen Drift OAuth tokens spark Salesforce breach investigations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#website\",\"url\":\"https:\/\/hostingdiscussion.com\/news\/\",\"name\":\"Web Hosting News\",\"description\":\"Cloud and web hosting industry daily news\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/hostingdiscussion.com\/news\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3\",\"name\":\"Justine Juyad\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g\",\"caption\":\"Justine Juyad\"},\"description\":\"HostingDiscussion.com senior reporter\",\"sameAs\":[\"https:\/\/hostingdiscussion.com\/news\/\"],\"url\":\"https:\/\/hostingdiscussion.com\/news\/author\/justine-juyad\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Stolen Drift OAuth tokens spark Salesforce breach investigations - Web Hosting News","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/","og_locale":"en_US","og_type":"article","og_title":"Stolen Drift OAuth tokens spark Salesforce breach investigations - Web Hosting News","og_description":"Google confirmed that attackers hijacked OAuth tokens from Salesloft\u2019s Drift app to break into\u00a0 Salesforce databases, exposing customer credentials and sensitive data. The campaign, active between August 8\u201318, remains distinct from the ShinyHunters attacks on other major firms. Salesforce and Salesloft revoked tokens, pulled Drift from AppExchange, and urged affected customers to rotate credentials and [&hellip;]","og_url":"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/","og_site_name":"Web Hosting News","article_published_time":"2025-08-28T02:35:15+00:00","article_modified_time":"2025-08-28T02:08:53+00:00","author":"Justine Juyad","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Justine Juyad","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/","url":"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/","name":"Stolen Drift OAuth tokens spark Salesforce breach investigations - Web Hosting News","isPartOf":{"@id":"https:\/\/hostingdiscussion.com\/news\/#website"},"datePublished":"2025-08-28T02:35:15+00:00","dateModified":"2025-08-28T02:08:53+00:00","author":{"@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3"},"breadcrumb":{"@id":"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostingdiscussion.com\/news\/stolen-drift-oauth-tokens-spark-salesforce-breach-investigations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostingdiscussion.com\/news\/"},{"@type":"ListItem","position":2,"name":"Stolen Drift OAuth tokens spark Salesforce breach investigations"}]},{"@type":"WebSite","@id":"https:\/\/hostingdiscussion.com\/news\/#website","url":"https:\/\/hostingdiscussion.com\/news\/","name":"Web Hosting News","description":"Cloud and web hosting industry daily news","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostingdiscussion.com\/news\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/3a1732732b90f8c57c2a0ec68d3c49e3","name":"Justine Juyad","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostingdiscussion.com\/news\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/96df33d01870f85226adf8492251fbefe00bc349b10bb7679b094f3fa086999c?s=96&d=mm&r=g","caption":"Justine Juyad"},"description":"HostingDiscussion.com senior reporter","sameAs":["https:\/\/hostingdiscussion.com\/news\/"],"url":"https:\/\/hostingdiscussion.com\/news\/author\/justine-juyad\/"}]}},"views":147,"_links":{"self":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/7478","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/users\/20624"}],"replies":[{"embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/comments?post=7478"}],"version-history":[{"count":1,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/7478\/revisions"}],"predecessor-version":[{"id":7479,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/posts\/7478\/revisions\/7479"}],"wp:attachment":[{"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/media?parent=7478"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/categories?post=7478"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostingdiscussion.com\/news\/wp-json\/wp\/v2\/tags?post=7478"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}