Office Hours | Salesloft Drift - Salesforce Data Theft Campaign

Office Hours: New Salesforce data theft campaign via Salesloft Drift

Google’s Threat Intelligence Group (GTIG) has issued a warning to Salesforce customers about a widespread data theft campaign led by the actor UNC6395.

Unlike the ongoing Salesforce vishing campaigns, this new attack exploits compromised OAuth tokens from the Salesloft Drift application to likely harvest credentials (AWS access keys, passwords, and Snowflake tokens, etc.) that can be used to compromise victim environments.

We’re hearing from customers across industries asking:

“Have we been impacted?” 

"How do I prevent and monitor for this type of attack across all SFDC apps?"

Join Jack and Brian this friday as we dive into these questions, and more.

We'll cover

• How to identify if your Salesforce data was exposed

• How to monitor and prevent this type of attack across all SFDC applications (with or without Arovy)

• Background on UNC6395 and what makes this campaign different

• Live Q&A to address your specific concerns

Details

• Date: Friday, August 29

• Time: 11am EST / 8am PST

• Duration: 30 minutes

• Live Q+A

• Can't Attend? Register, and we'll send the recording.