- Zscaler confirms losing sensitive customer data from its account
- The attackers moved in after compromising Salesloft's Drift platform
- Some believe this was done by ShinyHunters
We can now add Zscaler to the growing list of Salesloft customers who suffered a third-party cyberattack and lost sensitive customer information, after the company confirmed the data was taken.
In the announcement, Zscaler explained that it was a customer of Salesloft, whose AI chat platform, Salesloft Drift, was compromised.
Because this platform connects to Salesforce, the miscreants managed to move laterally, steal OAuth and refresh tokens, and access data from customers like Zscaler.
ShinyHunters or UNC6395?
The company emphasized its systems and products were not compromised, just the data:
“The extent of the incident is limited to Salesforce and does not involve access to any of Zscaler’s products, services or underlying systems and infrastructure,” it said.
Still, the attackers managed to steal names, business email addresses, job titles, phone numbers, regional and location details, Zscaler product licensing and commercial information, as well as content from certain support cases.
The company said that so far there is no evidence that the data is being abused in the wild, but it still urged its users to remain vigilant and on guard against incoming phishing and social engineering attacks. Zscaler also said it revoked all Salesloft Drift integrations, rotated the API tokens and started an in-depth investigation.
So far, attributing the attack has been rather challenging. Google's Threat Intelligence Group (GTIG) believes it is the work of a threat actor it tracks as UNC6395.
ShinyHunters, a well-known ransomware operator and data thief, also assumed responsibility, a claim confirmed to the media by several security researchers.
Via BleepingComputer



