Zscaler Discloses Data Breach Following Salesforce Instance Compromise
Cybersecurity firm Zscaler has disclosed a data breach affecting customer contact information after unauthorized actors gained access to the company’s Salesforce database through compromised third-party application credentials.
The breach originated from a broader campaign targeting Salesloft Drift, a marketing automation platform that integrates with Salesforce databases to manage leads and customer relationships.
Cybercriminals successfully stole OAuth tokens from Salesloft Drift, granting them unauthorized access to connected Salesforce instances across multiple organizations, including Zscaler.
The cloud security provider emphasized that the incident was confined to its Salesforce environment and did not compromise any of Zscaler’s core products, services, or underlying infrastructure systems that protect thousands of enterprise customers worldwide.
Scope of Data Exposure
According to Zscaler’s investigation, the unauthorized access was limited to business contact information and Salesforce-specific content.
The compromised data included customer names, business email addresses, job titles, phone numbers, regional location details, and Zscaler product licensing information.
Additionally, plain text content from certain customer support cases was accessed, though the company confirmed that attachments, files, and images remained secure.
Zscaler stated that its extensive investigation found no evidence of data misuse following the breach.
However, the company acknowledged that the exposed contact information could potentially be leveraged for phishing attacks or social engineering attempts targeting affected customers.
Zscaler responded immediately upon learning of the incident, taking several protective measures to contain the breach and prevent future occurrences.
The company revoked Salesloft Drift’s access to its Salesforce environment and rotated other API access tokens as a precautionary measure.
Working closely with Salesforce, Zscaler launched a comprehensive investigation to assess the full scope of the incident while implementing additional safeguards and strengthening security protocols.
The company also initiated a third-party risk management review of all vendor relationships and enhanced customer authentication procedures for support interactions.
The incident highlights the growing risks associated with third-party integrations in enterprise environments.
Salesloft Drift’s compromise affected numerous Salesforce customers beyond Zscaler, demonstrating how supply chain attacks can cascade across multiple organizations through shared service providers.
Zscaler has advised customers to remain vigilant against potential phishing attempts that could exploit the exposed contact information.
The company emphasized that legitimate Zscaler support staff will never request authentication credentials through unsolicited communications and urged customers to verify the source of any unexpected contact requests.
Customers experiencing suspicious activity or requiring additional support can contact Zscaler through official channels at help.zscaler.com.
The company has committed to providing ongoing updates as the investigation progresses and new developments emerge.
This breach serves as another reminder of the critical importance of securing third-party integrations and maintaining robust vendor risk management programs in today’s interconnected business environment.