Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data - The Hacker News

Threat actor UNC6395 exploited compromised OAuth and refresh tokens associated with the Drift AI chat agent, accessible via Salesloft, to gain unauthorized access to Salesforce customer instances. This systematic campaign led to the exfiltration of sensitive data, including AWS access keys, passwords, and Snowflake tokens, from over 700 organizations, indicating a potential supply chain attack.