Introduction to the Breach
Google has recently discovered that unknown attackers have used some credentials to access email from Google Workspace accounts through the Salesloft Drift AI chat agent. As a result, the company is advising users of the Salesloft Drift AI chat agent to consider all security tokens connected to the platform compromised.
What Happened
The attackers used compromised credentials to access email from Google Workspace accounts. In response to this, Google has revoked the tokens that were used in the breaches and disabled integration between the Salesloft Drift agent and all Workspace accounts as it investigates further. The company has also notified all affected account holders of the compromise.
Scope of the Breach
The discovery indicates that a Salesloft Drift breach is broader than previously known. Initially, it was reported that the compromised tokens were limited to Salesloft Drift integrations with Salesforce. However, the compromise of the Workspace accounts prompted Google to change that assessment. The Google Threat Intelligence Group stated that the scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations.
Advice to Salesloft Drift Customers
Based on new information, Google now advises all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised. This means that all users of the Salesloft Drift AI chat agent should be cautious and take necessary steps to secure their accounts.
Response from Salesloft
On the day of the update, Salesloft’s security guidance page made no reference to the new information and instead continued to indicate that the breach affected only Drift integrations with Salesforce. Company representatives didn’t immediately respond to an email seeking confirmation of the Google finding.
Conclusion
The breach of the Salesloft Drift AI chat agent is a serious issue that affects not only Salesforce integrations but also other integrations. Google’s advice to consider all security tokens connected to the platform compromised is a necessary precaution to protect users’ accounts. It is essential for Salesloft Drift customers to be aware of the breach and take necessary steps to secure their accounts.
FAQs
Q: What happened to the Salesloft Drift AI chat agent?
A: Unknown attackers used some credentials to access email from Google Workspace accounts through the Salesloft Drift AI chat agent.
Q: What did Google do in response to the breach?
A: Google revoked the tokens that were used in the breaches and disabled integration between the Salesloft Drift agent and all Workspace accounts.
Q: What should Salesloft Drift customers do?
A: Google advises all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised.
Q: How did Salesloft respond to the breach?
A: Salesloft’s security guidance page initially made no reference to the new information, and company representatives didn’t immediately respond to an email seeking confirmation of the Google finding.
