Salesforce customers woke up to another supply-chain nightmare this week: data theft campaigns exploiting OAuth tokens from the Drift AI chat integration provided by Salesloft.
According to Google’s Threat Intelligence team, the attackers compromised Drift, harvested Salesforce OAuth tokens at scale, and then used scripted tools to systematically exfiltrate customer records. Victims included enterprises across finance, HR, and SaaS, from Rubrik to Workday, showing just how quickly a single integration can become a systemic entry point.
Abused NHI at Scale: The Anatomy of the Breach
1. Initial Compromise
The campaign began with attackers targeting Drift, the AI-powered chat tool owned by Salesloft, which many organizations had connected to Salesforce. By exploiting weaknesses in the integration, the threat actor was able to create new OAuth tokens on behalf of Drift. These tokens essentially acted as “skeleton keys” into customer Salesforce environments. From that moment on, every organization that trusted Drift became part of a shared blast radius, not because Salesforce itself was vulnerable, but because one of its connected NHIs was turned against it.
2. Pivot
Once in possession of the OAuth tokens, attackers moved laterally. Each token granted long-lived, high-privilege API access into Salesforce instances. Unlike human users, these non-human identities weren’t gated by MFA, device posture checks or security awareness. To Salesforce, the Drift app looked legitimate: it had been approved by the customer’s admin, and its permissions were already baked into OAuth scopes. This pivot shows the posture risk of third-party SaaS apps acting as invisible super-users, holding broad entitlements without visibility or governance.
3. Automation
The attackers didn’t stop at a few compromised tokens. They industrialized the breach by feeding the stolen tokens into Python-based scraping tools that systematically pulled records at scale. Data wasn’t stolen slowly or subtly; it was extracted in bulk, with the speed and efficiency of a bot farm. This stage highlights how quickly an exposed secret can be operationalized once in adversary hands. In fact, Google Threat Intelligence noted that the campaign shows all the known IOCs of UNC6395, a financially motivated threat actor group with experience in automating data theft at volume.
4. Fallout
By August 20, Salesforce itself had intervened, disabling Drift integrations across the board to contain the incident. Organizations like Rubrik and Workday were forced to issue their own breach notices, acknowledging that customer or HR data had been exposed. Salesloft revoked compromised tokens and pulled the Drift app offline. Yet for hundreds of Salesforce tenants, the damage was already done: secrets and NHIs that had been trusted to broker AI-powered customer interactions became the entry point through which attackers walked out with potentially sensitive data.
Why It Matters for Your NHI Security Program
This wasn’t just a Salesforce “bug.” It was a secrets and identity governance failure: a compromised non-human identity (that of the Drift app) became a super-user across hundreds of tenants. Every OAuth app is, effectively, a non-human identity (NHI), with its own secrets, entitlements, and lifecycle.
In this case:
- Drift’s OAuth tokens lived far longer than they should have.
- Salesforce customers had little visibility into which apps were connected, what data they could touch, or how to revoke them quickly.
- The compromised tokens bypassed MFA, SSO, and most of the controls that protect human logins.
And the blast radius didn’t stop there: Salesforce often stores credentials for production systems (think AWS, Azure, GCP, and other critical services). If attackers exfiltrated those records, they could pivot directly into cloud environments. Secrets in plaintext within Salesforce become not just a CRM risk, but a cross-platform breach enabler.
Entro’s Burning Hot Take
Unfortunately for the affected organizations, but fortunately for the security community (and our company’s cause), this breach is a textbook example of why securing your NHIs is no longer optional.
- Discovery & inventory: As the cliché goes, you can’t defend what you can’t see. Every OAuth app, service account, or API key must be mapped and owned.
- Context: Permissions, purpose, and data access need to be continuously analyzed. Otherwise, an “AI chatbot” can silently become your largest insider threat.
- Detection & Response: Secrets should rotate. And when anomalies are detected (like mass API pulls from a Drift token), they must trigger alerts and remediations in real time (see NHIDR™).
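One way to put the "mass API pulls from a connected app" detection into practice, as an added example that is not part of the original post or any vendor product: a sliding-window check over API event log rows, grouped by the OAuth client (connected app) that made the call. The sample rows are constructed, and the column names are an assumption loosely modeled on a Salesforce API event log export, not a guaranteed schema.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows. Column names are assumptions loosely modeled on a
# Salesforce API event log export; adapt them to whatever your export provides.
SAMPLE_LOG = """TIMESTAMP_DERIVED,CLIENT_NAME,ENTITY_NAME,ROWS_PROCESSED
2025-08-10T02:00:05Z,Drift,Contact,2000
2025-08-10T02:00:41Z,Drift,Account,2000
2025-08-10T02:01:12Z,Drift,Case,2000
2025-08-10T02:01:55Z,Drift,Opportunity,2000
2025-08-10T02:02:30Z,Drift,User,2000
2025-08-10T09:15:00Z,Drift,Contact,40
2025-08-10T09:20:00Z,MarketingSync,Lead,500
2025-08-10T09:25:00Z,MarketingSync,Lead,500
"""


def detect_bulk_pulls(log_text, window=timedelta(minutes=10),
                      row_threshold=5000, entity_threshold=3):
    """Flag each connected app whose API calls, within any sliding window,
    pull more than row_threshold records or touch more than entity_threshold
    distinct objects. A chat integration has no reason to do either."""
    by_client = defaultdict(list)
    for rec in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.strptime(rec["TIMESTAMP_DERIVED"], "%Y-%m-%dT%H:%M:%SZ")
        by_client[rec["CLIENT_NAME"]].append(
            (ts, rec["ENTITY_NAME"], int(rec["ROWS_PROCESSED"])))

    findings = []
    for client, events in by_client.items():
        events.sort()  # chronological order, so the window can slide forward
        start = 0
        for end in range(len(events)):
            # Advance the window start until events[start..end] fit in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            rows = sum(e[2] for e in win)
            entities = {e[1] for e in win}
            if rows > row_threshold or len(entities) > entity_threshold:
                findings.append({"client": client,
                                 "window_start": win[0][0].isoformat(),
                                 "rows": rows, "entities": sorted(entities)})
                break  # one finding per client is enough to open a response
    return findings


if __name__ == "__main__":
    for f in detect_bulk_pulls(SAMPLE_LOG):
        print(f"ALERT: {f['client']} pulled {f['rows']} rows across "
              f"{f['entities']} starting {f['window_start']}")
```

In production the same check would run against streamed event logs and feed the alert into token revocation for the flagged client, which is the "remediation" half of the bullet above.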
Get a demo and keep AI agents, OAuth apps, and service accounts from becoming your next breach headline.