Close Menu
Uncategorized

Google Reveals Widespread OAuth Breach: Affects All Salesloft Integrations

Staff WriterBy No Comments3 Mins Read5 Views

Quick Takeaways

  1. Widespread Impact: Google disclosed that attacks targeting Salesforce via Salesloft Drift affect all integrations, prompting a significant security alert to all users of the Drift platform.

  2. Potential Compromise: Users are advised to consider all authentication tokens connected to Drift as compromised, as attackers exploited stolen OAuth tokens to access limited Google Workspace email accounts.

  3. Action Taken: Google has revoked impacted OAuth tokens, disabled the Drift integration with Google Workspace, and urged organizations to review and secure their third-party integrations.

  4. No Evidence of Breach: Salesforce stated that their integrations have shown no signs of malicious activity related to the Drift incident, although they have temporarily disabled all Salesloft integrations as a precaution.

Google’s Warning of Broader Impact

Google has issued a warning regarding a serious breach linked to Salesloft’s Drift platform. Initially thought to only affect Salesforce users, the breach impacts all integrations associated with Salesloft Drift. Google’s Threat Intelligence Group, alongside Mandiant, stated that all authentication tokens connected to Drift should be considered compromised. This advisory specifically highlights that the breach allowed attackers to access a few Google Workspace email accounts via compromised OAuth tokens on August 9, 2025. It is crucial to emphasize that only accounts configured with Salesloft were vulnerable. Google confirmed that no other accounts within the customer’s Workspace domain were at risk.

As a precautionary measure, Google notified affected users and revoked access to the compromised tokens. They also disabled the integration features between Google Workspace and Salesloft Drift during their ongoing investigation. This incident underscores the importance of regular security reviews for all third-party integrations, as organizations must now revoke and rotate credentials for connected applications.

Salesloft’s Response and Ongoing Investigation

Following the breach revelation, Salesloft took immediate action by temporarily disabling the Drift integration across Salesforce, Slack, and Pardot platforms. Shortly after, Salesforce announced a full halt on all Salesloft integrations, prioritizing user security. However, Salesloft reported no evidence of malicious activity within its integrations related to this incident. Despite the heightened alerts, no indications suggest that the Salesloft services themselves are compromised or at risk.

This event reflects a pressing need for vigilance in cybersecurity practices. Organizations utilizing these integrations must conduct thorough investigations into their systems to identify any signs of unauthorized access. By remaining proactive, businesses can better safeguard their data and maintain trust with their users.

Expand Your Tech Knowledge

Learn how the Internet of Things (IoT) is transforming everyday life.

Explore past and present digital transformations on the Internet Archive.

DataProtection-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.