Zscaler and Palo Alto Networks: Customer Data Siphoned From Salesforce Via OAuth Token Compromise
Data breaches have hit major cybersecurity vendors Zscaler and Palo Alto Networks. Both companies reportedly suffered compromises involving the theft of customer data and sensitive support case contents.
Users cited specifics for both vendors. BrikoX noted that Palo Alto Networks was hit after attackers allegedly abused OAuth tokens stemming from the Salesloft Drift breach to access its Salesforce instance. Another user pointed to Zscaler’s Salesforce instance being compromised, leading to the theft of customer data and support cases.
The consensus points to significant exposure across the sector. Multiple vendors are linked to data loss, centered on compromises involving Salesforce access and OAuth tokens.
Key Points
#1 Palo Alto Networks faced a data breach.
BrikoX stated attackers allegedly abused compromised OAuth tokens from the Salesloft Drift breach to gain access to its Salesforce instance, exposing customer data and support cases.
#2 Zscaler suffered data exfiltration.
Both lemmydev2 and BrikoX independently cited Zscaler experiencing a breach where threat actors accessed its Salesforce instance to steal customer data, including support case contents.
#3 The vector involves Salesforce and OAuth tokens.
The breaches across multiple vendors appear to share one mechanism: compromised access via OAuth tokens linked to Salesforce instances.
Source Discussions (3)
This report was synthesized from the following Lemmy discussions, ranked by community score.