Hackers steal data from Salesforce instances in widespread campaign

Google’s Threat Intelligence Group is aware of over 700 potentially impacted organizations. The threat actor used a Python tool to automate the data theft process for each targeted organization. Researchers confirmed that the attacks did not involve any vulnerability in the Salesforce platform. After stealing the data, the hackers looked for sensitive credentials, including access keys and passwords for Amazon Web Services and access tokens for the Snowflake cloud platform. The attacks largely occurred between August 8 and August 18. By August 20, Salesloft began working with Salesforce to revoke all active access and refresh Drift tokens.

For more details, read the full article here.