An as-of-yet undiagnosed compromise of the Salesloft Drift AI-driven platform has led to a rash of stolen OAuth tokens, in turn creating downstream breaches at some of the biggest names in the cybersecurity industry.
Google Threat Intelligence Group has tracked threat actor UNC6395 stealing OAuth tokens via Salesloft Drift integrations in a massive Salesforce data theft campaign.
GitHub says that the OAuth tokens were not stolen via a breach of its own systems, but that dozens of private repositories were accessed. OAuth tokens that were issued to two third-party integrators, Heroku and Travis-CI.



