Powered by MOMENTUM MEDIA

Palo Alto Networks, Cloudflare confirm impact of Salesloft Drift breach

The fallout from a third-party supply chain hack continues to expand as major cyber security firms fall victim to an as-yet unknown threat actor.


Cyber security and DDoS mitigation firm Cloudflare has confirmed that it is one of many hundreds of companies whose customer data has been compromised as part of a third-party supply chain hack impacting the Salesloft Drift marketing platform.

“Last week, Cloudflare was notified that we (and our customers) are affected by the Salesloft Drift breach,” Cloudflare said in a 2 September blog post.

“Because of this breach, someone outside Cloudflare got access to our Salesforce instance, which we use for customer support and internal customer case management, and some of the data it contains.”

 
 

According to Cloudflare, the bulk of the compromised data was basic contact information; however, some support interactions were accessed, which may have revealed sensitive information such as access tokens.

“Given that Salesforce support case data contains the contents of support tickets with Cloudflare, any information that a customer may have shared with Cloudflare in our support system – including logs, tokens, or passwords – should be considered compromised, and we strongly urge you to rotate any credentials that you may have shared with us through this channel,” it said.

Salesloft revealed the initial details of the incident on 20 August, and by 26 August, it was able to confirm that the threat actor’s intent was to steal sensitive credentials, such as “AWS access keys, passwords, and Snowflake-related access tokens”.

When Cloudflare was informed of the incident by Salesloft, the company immediately began an investigation and found that the threat actor had access to its Salesforce platform, via Salesloft, between 12 and 17 August.

“We believe this incident was not an isolated event but that the threat actor intended to harvest credentials and customer information for future attacks,” Cloudflare said.

“Given that hundreds of organisations were affected through this Drift compromise, we suspect the threat actor will use this information to launch targeted attacks against customers across the affected organisations.”

Another of the “hundreds of organisations” impacted by the supply chain attack is US-based cyber security multinational Palo Alto Networks, which confirmed on 2 September that it was also caught up in the incident.

“As soon as we learned of the event, we disconnected the vendor from our Salesforce environment and our Unit 42 security teams launched a comprehensive investigation,” Palo Alto said in a blog post.

“Our investigation confirms the incident was isolated to our CRM platform; no Palo Alto Networks products or services were impacted, and they remain secure and fully operational. The data involved includes mostly business contact information, internal sales account and basic case data related to our customers.”

Palo Alto Networks is currently in the process of reaching out to “a limited number of customers that have potentially more sensitive data exposed”.

A day before, cloud security firm Zscaler also revealed its customer data had been compromised in the attack, an incident which many observers are calling the biggest third-party compromise of the year.

David Hollingworth


David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
