Palo Alto Networks data breach exposes customer info, support cases
To say that this is not good is an understatement. News is out that Palo Alto Networks suffered a data breach exposing customer data and support cases via a Salesforce exploit. Just think of what a threat actor can do with all of that information.
Lidia Lopez, Senior Threat Intelligence Analyst at Outpost24, had the following commentary:
“The case of Palo Alto data breach demonstrates the modus operandi of the threat actor is not stagnant, and they are capable of implementing other attack techniques to compromise as many victims as possible. This time they have used compromised OAuth tokens from the Salesloft Drift integration to query Salesforce data at scale. This is potentially affecting other clients using Salesloft Drift integration, for instance, Google and Cloudflare have already reported related exposure.”
“This represents a shift in modus operandi compared to previous intrusions of the threat actor, in which they used social engineering skills via phone phishing to trick them into revealing login credentials or installing malicious versions of Salesforce tools.”
I suspect that Palo Alto isn’t the last organization to be a victim of this Salesforce exploit. Which means that this is going to get real ugly for those who are trying to keep the bad guys out.
This entry was posted on September 3, 2025 at 2:17 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.