Salesloft OAuth Breach Exposes Customer Data of 700+ Organizations
On August 27, 2025, a significant security breach involving Salesloft came to light, revealing vulnerabilities in its OAuth token integration with Drift AI. The breach, attributed to the threat group UNC6395, compromised Salesforce customer data, impacting over 700 organizations. Unauthorized access enabled attackers to export sensitive credentials and access tokens, posing a substantial risk to customer security. In response, Salesloft has taken immediate action to revoke affected connections and has temporarily disabled integrations to safeguard customer information. The incident underscores the ongoing challenges of securing third-party integrations and highlights the importance of robust security measures in safeguarding sensitive data.
Also In Security Today
- Citrix Vulnerabilities: Citrix is under fire as three critical vulnerabilities in its NetScaler products, including CVE-2025-7775, are being actively exploited. Users are urged to patch immediately to prevent potential remote code execution attacks. (CyberMaxx)
- ShinyHunters Breach: The infamous hacking group ShinyHunters has breached a Salesforce database managed by Google, affecting a significant number of users. This incident highlights the effectiveness of social engineering tactics in infiltrating sensitive systems. (Capture The Bug)
- Ransomware Attacks on Major Airlines: Air France and KLM are among the latest victims of ransomware attacks linked to third-party vendor vulnerabilities, raising alarms about the security implications of interconnected systems. (Findings Cyber Report)
Analyst's Take
Today's events emphasize the increasing sophistication and audacity of cyber threats, particularly from organized groups like UNC6395 and ShinyHunters. Organizations must prioritize patch management and security training to mitigate risks from both technical vulnerabilities and social engineering tactics. The interconnected nature of systems means that breaches can have widespread repercussions, making proactive security measures more critical than ever. Defenders should regularly review third-party integrations and ensure all software is updated to safeguard sensitive data.