Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/PogoWasRight/statuses/115221774356295875">Dissent Doe  :cupofcoffee: (pogowasright@infosec.exchange)'s status on Thursday, 18-Sep-2025 06:47:21 JST</a><a href="https://infosec.exchange/@PogoWasRight" title="pogowasright@infosec.exchange"><img src="https://gnusocial.jp/avatar/216210-48-20250918231829.webp" width="48" height="48" alt="Dissent Doe  :cupofcoffee:" style="position: absolute; left: 0; top: 0;">Dissent Doe  :cupofcoffee:</a></section><article><p>"The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.</p><p>[...]</p><p>In March, one of the threat actors breached Salesloft's GitHub repository, which contained the private source code for the company.</p><p>ShinyHunters told BleepingComputer that the threat actors used the TruffleHog security tool to scan the source code for secrets, which resulted in the finding of OAuth tokens for the Salesloft Drift and the Drift Email platforms."</p><p>Read more of Lawrence Abrams' great reporting on Bleeping Computer:<br><a href="https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/" rel="nofollow">https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/</a></p><p><a href="https://infosec.exchange/tags/Salesforce" rel="tag">#Salesforce</a> <a href="https://infosec.exchange/tags/Salesloft" rel="tag">#Salesloft</a> <a href="https://infosec.exchange/tags/Oauth" rel="tag">#Oauth</a> <a href="https://infosec.exchange/tags/Drift" rel="tag">#Drift</a> <a href="https://infosec.exchange/tags/databreach" rel="tag">#databreach</a> <a href="https://infosec.exchange/tags/ransom" rel="tag">#ransom</a> <a href="https://infosec.exchange/tags/ShinyyHunters" rel="tag">#ShinyyHunters</a> <a href="https://infosec.exchange/tags/ScatteredSpider" rel="tag">#ScatteredSpider</a> <a href="https://infosec.exchange/tags/LAPSUS" rel="tag">#LAPSUS</a>$ <a href="https://infosec.exchange/tags/UNC6040" rel="tag">#UNC6040</a> <a href="https://infosec.exchange/tags/UNC6395" rel="tag">#UNC6395</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5648422#notice-11088178">In conversation</a><time datetime="2025-09-18T06:47:21+09:00" title="Thursday, 18-Sep-2025 06:47:21 JST">about 9 months ago</time> <span>from <span><a href="https://infosec.exchange/@PogoWasRight/115221774356295875" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@PogoWasRight/115221774356295875">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: www.bleepstatic.com</div><h5><a href="https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/#Salesforce">ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks</a></h5><div> from <span>@BleepinComputer</span></div></header><div>The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Dissent Doe :cupofcoffee: (pogowasright@infosec.exchange)'s status on Thursday, 18-Sep-2025 06:47:21 JST Dissent Doe :cupofcoffee:
"The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.
[...]
In March, one of the threat actors breached Salesloft's GitHub repository, which contained the private source code for the company.
ShinyHunters told BleepingComputer that the threat actors used the TruffleHog security tool to scan the source code for secrets, which resulted in the finding of OAuth tokens for the Salesloft Drift and the Drift Email platforms."
Read more of Lawrence Abrams' great reporting on Bleeping Computer:
https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/
#Salesforce #Salesloft #Oauth #Drift #databreach #ransom #ShinyyHunters #ScatteredSpider #LAPSUS$ #UNC6040 #UNC6395
In conversationabout 9 months ago from infosec.exchangepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.bleepstatic.com
  ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks
  from @BleepinComputer
  The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.

Public

Embed Notice

HTML Code

Corresponding Notice