Google: Salesloft AI Agent Data Breach Escalates Significantly
▼ Summary
– Google has advised users of the Salesloft Drift AI chat agent to treat all connected security tokens as compromised due to unauthorized access of Google Workspace emails.
– The company has revoked the breached tokens and disabled the integration between Salesloft Drift and Workspace accounts while investigating further.
– The scope of the breach is broader than initially reported, now affecting more than just the Salesforce integration with Salesloft Drift.
– Google’s Threat Intelligence Group updated its assessment, indicating the compromise impacts all integrations with the Drift platform.
– Salesloft’s security guidance did not reflect the expanded scope, and the company did not immediately respond to confirm Google’s findings.
Google has issued a critical security alert to users of the Salesloft Drift AI chat agent, urging them to treat all security tokens linked to the platform as compromised. This warning follows an investigation revealing that unauthorized actors leveraged stolen credentials to access emails from Google Workspace accounts. The tech giant has taken immediate action by revoking affected tokens and suspending the integration between Salesloft Drift and Workspace while the incident undergoes further review. All impacted account holders have been formally notified of the security exposure.
The situation has escalated significantly since the initial report earlier this week. What was first believed to be a limited breach involving only Salesloft Drift’s integration with Salesforce has now expanded to include other connected services. Google’s Threat Intelligence Group uncovered new evidence indicating a wider compromise, prompting this revised and more urgent advisory.
In an updated statement, Google emphasized that the threat is not confined to Salesforce and advised all customers using Salesloft Drift to assume that any authentication tokens stored within or associated with the Drift environment may have been exposed. Despite Google’s public warning, Salesloft’s own security guidance had not yet been updated to reflect the broader impact at the time of the announcement. The company did not provide an immediate response to requests for confirmation regarding Google’s findings.
(Source: Ars Technica)
