In late August, hackers gained access to the inner workings of an AI chatbot platform, and since then they’ve been using this access to break into other apps, from Salesforce to Google Workspace, that companies have integrated with the chatbot.

Drift, a chatbot agent acquired by Salesloft, is popular with American sales and marketing teams. It integrates with third-party apps to convert website visitors into sales leads. While it’s currently unclear how the attackers broke into Salesloft Drift, once there, they stole authentication tokens that gave them access to Salesforce, Google Workspace, Slack, Amazon S3, Microsoft Azure, OpenAI, and potentially any other platform that integrates with Salesloft.

If your company uses Drift, Salesloft, or Salesforce integrations, you might be affected by this breach. Security researchers recommend that you revoke all OAuth tokens immediately and audit connected apps. Don’t wait for confirmation of compromise — assume it and act now.

If you don’t, attackers could use these tokens to access your online environments.
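One way to turn the "revoke everything, then audit" advice into a repeatable check, as an added example that is not from the article or from Salesloft: the grant inventory is constructed sample data, the disclosure year is assumed, and the revocation endpoint is Salesforce's standard OAuth 2.0 revoke URL, not something the article names.

```python
from datetime import date, datetime
from urllib.parse import urlencode

# Constructed sample export of OAuth grants from a connected-apps audit.
# Not data from any real organization.
GRANTS = [
    {"id": "g1", "app": "Salesloft Drift", "user": "alice", "last_used": "2025-08-27"},
    {"id": "g2", "app": "Salesloft", "user": "bob", "last_used": "2025-08-15"},
    {"id": "g3", "app": "Data Loader", "user": "carol", "last_used": "2025-08-25"},
    {"id": "g4", "app": "Data Loader", "user": "dave", "last_used": "2025-07-01"},
]

# Salesloft's first public disclosure was August 20; the year is assumed.
DISCLOSURE = date(2025, 8, 20)
SUSPECT_APPS = ("drift", "salesloft")


def plan_revocations(grants, disclosure=DISCLOSURE):
    """Return (revoke_all, review).

    revoke_all lists every grant id, because the advice is to revoke all
    tokens rather than only Drift's. review lists grants that need a closer
    look afterwards: those tied to a Drift/Salesloft integration, and any
    other app whose token was used on or after the disclosure date.
    """
    revoke_all = [g["id"] for g in grants]
    review = []
    for g in grants:
        used = datetime.strptime(g["last_used"], "%Y-%m-%d").date()
        if any(s in g["app"].lower() for s in SUSPECT_APPS):
            review.append((g["id"], "drift/salesloft integration"))
        elif used >= disclosure:
            review.append((g["id"], "used after disclosure"))
    return revoke_all, review


def revoke_request(token, instance="https://login.salesforce.com"):
    """Build (url, form_body) for Salesforce's OAuth 2.0 token revocation
    endpoint (assumed standard endpoint; the caller sends the POST).
    The token is form-encoded so special characters survive transport."""
    return f"{instance}/services/oauth2/revoke", urlencode({"token": token})


if __name__ == "__main__":
    revoke, review = plan_revocations(GRANTS)
    print("revoke:", revoke)
    print("review:", review)
```

The same triage applies to Google Workspace, Slack and the other platforms named above; only the revocation endpoint differs per provider.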

Salesloft Drift attack timeline

Salesloft first disclosed a security issue affecting Drift integrations on August 20.

On August 26, Google’s Threat Intelligence Group released findings confirming that attackers had exploited OAuth tokens stolen from Salesloft to access Salesforce instances and exfiltrate large amounts of data.

On August 28, Google added an update that the attackers had used these access tokens to also access the emails of “a very small number of Google Workspace accounts” that had Drift integrations, and noted that the hack affects nearly all Drift integrations. Google also reports that valid authentication tokens were stolen for Slack, Amazon S3, Microsoft Azure, and OpenAI.

As a result, Google and Salesforce have temporarily disabled their Drift integrations.

On September 1, Zscaler confirmed it had been compromised using OAuth and refresh tokens stolen in the Drift attack. The attackers broke into its Salesforce instance and stole sensitive customer information, including names, emails, job titles, Zscaler product usage information, and more.

This follows another recent attack on Salesforce instances that has led to a surge in phishing attacks against Gmail and Google Workspace users. According to Krebs Security, there is disagreement about whether the two attacks are related.

What is a supply chain attack?

A supply chain attack is when attackers go after a third-party vendor to break into an organization’s system. In this case, attackers didn’t breach Gmail or Salesforce directly — they compromised OAuth tokens from Drift integrations to access connected systems.

One of the most infamous recent examples of a supply chain attack is what happened with SolarWinds in 2020. SolarWinds is a major software provider for network management. Suspected Russian-backed hackers attacked SolarWinds, implanting malware into its code, which was then spread to more than 30,000 public and private organizations during a standard update. It was likely the largest supply chain attack ever.

Why AI chatbots will continue to be targets

The rush to integrate AI agents like Drift into countless workflows across all sorts of companies has made it difficult for cybersecurity teams to do their jobs, and AI companies have thus far proven to be vulnerable to supply chain attacks. Given the acceleration of AI adoption, the newness of the technology, and the fact that everyone is learning on the fly, these attacks will only become more common.

Until the AI ecosystem matures, the safest move is to minimize access, limit integrations, and use platforms that are designed for zero trust. Hackers will always look to target perceived weaknesses in a company’s security perimeters. Integrations, third-party platforms, and external consultants are often seen as attractive targets. Learn more about data breach prevention for businesses.