Google Threat Intelligence Group (GTIG) has issued an advisory concerning a broad data theft operation targeting corporate Salesforce instances via the Drift integration. Beginning as early as August 8, 2025, UNC6395 leveraged valid access and refresh tokens associated with the Salesloft Drift app to connect as an authenticated connected app user, executing large-scale SOQL queries […]

The post Hackers Abuse Compromised OAuth Tokens to Access and Steal Salesforce Corporate Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Source: gbHackers
Source Link: https://gbhackers.com/hackers-abuse-compromised-oauth-tokens/