ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks

What’s new

The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies by exploiting compromised Salesloft Drift OAuth tokens. The attackers have been targeting Salesforce customers for data theft over the past year, using social engineering and malicious OAuth applications. The stolen data includes sensitive information from Salesforce object tables such as Account, Contact, Case, Opportunity, and User. The group has also claimed responsibility for breaches affecting major companies, including Google and Cloudflare.

Who’s affected

Approximately 760 companies using Salesforce are impacted, with significant data theft reported from various Salesforce object tables. Notable companies affected include Google, Cloudflare, Zscaler, and others.

What to do

  • Enable multi-factor authentication (MFA) for Salesforce accounts.
  • Enforce the principle of least privilege for user access.
  • Carefully manage connected applications and OAuth tokens.
  • Regularly review and audit application permissions and access logs.
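As an added illustration of the last two items (not code from the article or from Salesforce), the sketch below reviews per-app read activity against the five object tables named above and flags connected apps that are unapproved or that read in bulk across several of them. The record fields, app names, thresholds and sample data are assumptions constructed for this example, not Salesforce's actual log schema.

```python
from collections import defaultdict

# The object tables the article lists as targeted.
WATCHED_OBJECTS = {"Account", "Contact", "Case", "Opportunity", "User"}

# Hypothetical allowlist of connected apps the organisation has approved.
APPROVED_APPS = {"crm-sync", "chat-widget"}

# Constructed sample records (not real logs); field names are assumptions.
SAMPLE_EVENTS = [
    {"app": "crm-sync", "object": "Account", "rows": 1200},
    {"app": "crm-sync", "object": "Contact", "rows": 900},
    {"app": "chat-widget", "object": "Account", "rows": 250000},
    {"app": "chat-widget", "object": "Contact", "rows": 400000},
    {"app": "chat-widget", "object": "Case", "rows": 180000},
    {"app": "chat-widget", "object": "Opportunity", "rows": 90000},
    {"app": "chat-widget", "object": "User", "rows": 5000},
    {"app": "report-tool", "object": "Case", "rows": 300},
]


def flag_bulk_readers(events, approved_apps, row_threshold=100_000, min_objects=3):
    """Return {app: [reasons]} for connected apps whose reads warrant review."""
    rows = defaultdict(int)
    objects = defaultdict(set)
    for event in events:
        if event["object"] in WATCHED_OBJECTS:
            rows[event["app"]] += event["rows"]
            objects[event["app"]].add(event["object"])

    findings = {}
    for app, total in rows.items():
        reasons = []
        # Breadth plus volume: an approved integration can still be abused
        # if its OAuth token is stolen, so approval alone does not clear it.
        if total >= row_threshold and len(objects[app]) >= min_objects:
            names = ", ".join(sorted(objects[app]))
            reasons.append(f"{total} rows read across {names}")
        if app not in approved_apps:
            reasons.append("not on approved connected-app list")
        if reasons:
            findings[app] = reasons
    return findings


if __name__ == "__main__":
    for app, reasons in flag_bulk_readers(SAMPLE_EVENTS, APPROVED_APPS).items():
        print(app, "->", "; ".join(reasons))
```

Thresholds should be tuned against each integration's normal baseline, since a sync tool may legitimately read large volumes from one or two objects.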
