Think the Salesforce Drift event is just gonna blow over? Look again
- Patrick Duggan
- Sep 7, 2025
Updated: Apr 25
The recent Salesforce–Salesloft Drift OAuth token compromise has impacted a wide range of companies—many of them industry leaders. Most importantly, many of them are key players in the Security space!
Threat actor UNC6395 exploited token drift to bypass MFA and access sensitive CRM data.
Here’s a breakdown of confirmed impacted companies, ordered by annual revenue:
Top Enterprises Affected:
• IBM – $60B+
• 3M – $33B+
• Palo Alto Networks – $7B+
• Cloudflare, Okta, Tanium, Rubrik, Proofpoint, CyberArk, BeyondTrust, JFrog, Workiva, Cato Networks, Bugcrowd, Heap, Sigma Computing, Esker, SpyCloud, Megaport
That list should keep you up at night. Why?
3M? IBM? Nope.
Look again. Ask Claude or ChatGPT to correlate.
No?
13 companies on the list are cybersecurity or authentication-focused.
What was accessed?
• Business contact info
• Support case metadata
• API tokens (AWS, Snowflake)
• CRM records
What does this mean?
Without a whole lot of effort, some key Security and Identity dominos have been tipped.
This is what I meant about “cascading”.
#CyberSecurity #Salesforce #OAuth #DataBreach #ZeroTrust #SaaS #DriftEvent #Salesloft #IncidentResponse #SecurityLeadership #CISO #BreachAnalysis