Salesloft Drift is a threat campaign tracked across 7 threat clusters and 8 intelligence report mentions on ThreatCluster. First observed November 20, 2025; most recent activity June 21, 2026.
Between August 9 and August 17, 2025, the threat actor UNC6395 exploited stolen OAuth tokens from Salesloft's Drift integration to access Salesforce environments of over 700 organizations, including major tech firms.…
Kodak has confirmed a data breach after the ShinyHunters extortion group claimed responsibility for stealing over 2.2 million records, including customer personally identifiable information (PII) and internal corporate…
A significant supply chain attack has compromised Salesforce-stored data from more than 200 companies through applications published by Gainsight. Salesforce confirmed unauthorized access to customer data and is…
Grubhub has confirmed a data breach where unauthorized actors accessed parts of its internal systems. The company is now facing extortion demands related to the stolen data. Grubhub stated that it quickly detected and…
Hackers compromised Salesforce-stored data from more than 200 companies through a supply chain attack involving Gainsight applications. Google confirmed the breach, stating that unauthorized access to customer data was…
The Scattered Lapsus$ Hunters (SLH) hacking group is actively recruiting women to participate in voice-phishing (vishing) attacks. Advertisements on a public Telegram channel, detected by Dataminr, promise payments…
In August 2025, the Salesloft Drift breach compromised the data of hundreds of organizations, highlighting the security and privacy risks associated with third-party SaaS applications. As reliance on these applications…