The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft - Krebs on Security

The incident involved the mass-theft of authentication tokens from Salesloft's Drift application, leading to significant data exfiltration from integrated corporate Salesforce instances and other cloud services. Threat actors, tracked as UNC6395, leveraged these stolen credentials to perform "authorization sprawl," accessing and siphoning sensitive data including AWS keys and VPN credentials.