September 16, 2025 16 mins

When we first covered the Salesforce–Drift breach, we knew it was bad. Now it’s clear the impact is even bigger. Hundreds of organizations — including Cloudflare, Palo Alto Networks, Zscaler, Proofpoint, Rubrik, and even financial firms like Wealthsimple — have confirmed they were affected. The root cause? A compromised GitHub account that opened the door to Drift’s AWS environment and gave attackers access to Salesforce and other cloud integrations. 

In Part 2, Sherri Davidoff and Matt Durrin dig into the latest updates: what’s new in the investigation, why more victim disclosures are coming, and how the GitHub compromise ties into a wider trend of supply chain attacks like GhostAction. They also share practical advice for what to do if you’ve been impacted by Drift — or if you want to prepare for the next third-party SaaS compromise. 

Tips for SaaS Incident Response: 

  1. Treat this as an incident: don’t wait for vendor confirmation before acting. There may be delays in vendor disclosure, so act quickly. 
  2. Notify your cyber insurance provider: 
    • Provide notice as soon as possible. 
    • Insurers may share early IOCs, coordinate with vendors, and advocate for your org alongside other affected clients. 
    • They can also connect you with funded IR and legal resources. 
  3. Engage external support: 
    • Bring in your IR firm to investigate and document. 
    • Work with legal counsel to determine if notification obligations are triggered. 
  4. Revoke and rotate credentials: 
    • Cycle API keys, OAuth tokens, and active sessions. 
    • Rotate credentials for connected service accounts. 
  5. Inventory your data: 
    • Identify what sensitive Salesforce (or other SaaS) data is stored. 
    • Check whether support tickets, logs, or credentials were included. 
  6. Search for attacker activity: 
    • Review advisories for malicious IPs, user agents, and behaviors. 
    • Don’t rely solely on vendor-published IOCs — they may be incomplete. 
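Steps 4 to 6 above are the hands-on part of the triage. As an added illustration of step 6 (not code from the podcast or its hosts), the script below runs a small SaaS audit-log triage over a constructed CSV export: it flags records that match a list of indicator IPs and user agents, and separately flags any user/IP pair that pulled an unusually large number of rows through the API, which catches a bulk exfiltration source even when it is not on anyone's published IOC list. The column names, the IOC values (TEST-NET addresses and a generic client string) and the log lines are all assumptions constructed for the example, not Salesforce's real event-log schema or indicators from any advisory.

```python
"""Triage a constructed SaaS audit-log export for known IOCs and bulk-read behaviour."""
import csv
import io
from collections import Counter

# Placeholder indicators, constructed for this example (TEST-NET ranges, not from any advisory).
IOC_IPS = {"203.0.113.45"}
IOC_USER_AGENTS = {"python-requests/2.32.0"}

# Constructed sample export; the column names are an assumption, not a vendor schema.
SAMPLE_LOG = """timestamp,user,client_ip,user_agent,event_type,rows_returned
2025-08-09T02:14:07Z,integration@example.com,203.0.113.45,python-requests/2.32.0,ApiQuery,50000
2025-08-09T02:15:11Z,integration@example.com,203.0.113.45,python-requests/2.32.0,ApiQuery,50000
2025-08-09T02:16:20Z,integration@example.com,198.51.100.7,Go-http-client/1.1,ApiQuery,50000
2025-08-09T02:17:30Z,integration@example.com,198.51.100.7,Go-http-client/1.1,ApiQuery,50000
2025-08-09T02:18:00Z,integration@example.com,198.51.100.7,Go-http-client/1.1,ApiQuery,50000
2025-08-09T09:05:44Z,alice@example.com,192.0.2.10,Mozilla/5.0,UILogin,0
2025-08-09T09:06:02Z,alice@example.com,192.0.2.10,Mozilla/5.0,ApiQuery,25
"""


def parse_log(text: str) -> list[dict]:
    """Parse the CSV export into dicts, converting the row count to an int."""
    records = []
    for row in csv.DictReader(io.StringIO(text.strip())):
        row["rows_returned"] = int(row["rows_returned"])
        records.append(row)
    return records


def match_iocs(records, ioc_ips=IOC_IPS, ioc_uas=IOC_USER_AGENTS):
    """Return (timestamp, user, client_ip, reasons) for every record matching a known indicator."""
    hits = []
    for r in records:
        reasons = []
        if r["client_ip"] in ioc_ips:
            reasons.append("ioc_ip")
        if r["user_agent"] in ioc_uas:
            reasons.append("ioc_user_agent")
        if reasons:
            hits.append((r["timestamp"], r["user"], r["client_ip"], reasons))
    return hits


def find_bulk_readers(records, threshold=100_000):
    """Sum API query rows per (user, client_ip) and return sources at or above the threshold.

    This is the behavioural check: it does not depend on the IOC list at all.
    """
    totals = Counter()
    for r in records:
        if r["event_type"] == "ApiQuery":
            totals[(r["user"], r["client_ip"])] += r["rows_returned"]
    return {src: n for src, n in totals.items() if n >= threshold}


def triage(text: str, threshold=100_000) -> dict:
    """Combine both checks and single out sources that only the behavioural check caught."""
    records = parse_log(text)
    ioc_hits = match_iocs(records)
    bulk = find_bulk_readers(records, threshold)
    ioc_sources = {(user, ip) for _, user, ip, _ in ioc_hits}
    behaviour_only = sorted(src for src in bulk if src not in ioc_sources)
    return {"ioc_hits": ioc_hits, "bulk_readers": bulk, "behaviour_only": behaviour_only}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for hit in result["ioc_hits"]:
        print("IOC match:", hit)
    for src, rows in result["bulk_readers"].items():
        print("Bulk reader:", src, rows)
    print("Caught by behaviour only (missed by the IOC list):", result["behaviour_only"])
```

In the constructed data the source at 198.51.100.7 never matches an indicator but reads 150,000 rows through the API, so it shows up only in the behavioural check. That is the point of the last tip: vendor IOC lists describe the infrastructure seen so far, and a second set of infrastructure hitting the same integration account will only be found by looking at what the account actually did. The threshold is a tuning knob; set it from the integration's normal daily volume rather than from this sample.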

#salesforcehack #salesforce #SalesforceDrift #cybersecurity #cyberattack #databreaches #datasecurity #infosec #informationsecurity
