SalesLoft Drift Security Incident

Issue:

Secure Code Warrior is aware of a recently discovered widespread supply-chain cyberattack that targeted  Salesforce customer instances. By compromising the integration between Drift (acquired by Salesloft) and Salesforce, malicious threat actors gained access to OAuth tokens, which allowed attackers to exfiltrate sensitive data from customer Salesforce instances, as well as other connected systems like Google Workspace and Slack.

This security incident, tracked by Google's Threat Intelligence Group as UNC6395

Impact:

Secure Code Warrior has assessed our internal environment and can confirm we are NOT impacted by this incident.  While we previously utilized the Drift platform, our use was formally decommissioned, and all system integrations were verifiably removed in December 2022. This process severed all data and system connectivity, mitigating any residual risk from our prior use of the service.