Data Breach Nightmare 😱: Salesforce & 1.5B Records! 💥


Grubhub Hit by Massive Data Breach – 1.5 Billion Records Exposed
Grubhub has confirmed a significant security breach, resulting in the theft of approximately 1.5 billion data records. The incident, initially uncovered by Google’s Threat Intelligence team, involved unauthorized access to sensitive information held by the company.

Mandiant Assists in Containing the Threat
To address the crisis, Grubhub has enlisted the third-party cybersecurity firm Mandiant, working through its Threat Intelligence team. Law enforcement agencies have also been formally notified of the breach, indicating the seriousness of the situation and a coordinated effort to investigate.

Salesloft and Drift Attacks Led to Initial Compromise
The breach’s origins trace back to attacks targeting Salesloft and Drift data. Specifically, stolen OAuth tokens were exploited, granting attackers access to a vast amount of user information.

Salesforce Data Severely Impacted – 760 Companies Affected
The compromised data included information from 760 companies, drawn from Salesforce’s “Account,” “Contact,” “Case,” “Opportunity,” and “User” object tables. This highlights the breadth of the attack and the potential vulnerability of Salesforce clients.

ShinyHunters Demands Ransom – Older Data at Risk
The cybercrime group ShinyHunters is demanding a Bitcoin payment to prevent the release of older Salesforce data stolen in February 2023. This is a coordinated extortion attempt aimed at further disrupting impacted organizations.

Google Threat Intelligence Tracks Further Attacks
Following the initial breach, Google’s Threat Intelligence team observed the UNC6395 group leveraging the stolen data for subsequent attacks. These efforts targeted Amazon Web Services (AWS) access keys (AKIA), passwords, and Snowflake-related access tokens, expanding the potential scope of the damage.

Immediate Action Required – Rotate Affected Tokens
Organizations impacted by the Salesloft and Drift breaches must immediately rotate all affected access tokens and secrets to mitigate the risk of further exploitation. Prompt action is crucial to limit the ongoing damage.
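To decide what to rotate, an affected organization can search its own Salesforce exports for the kinds of secrets the article says were targeted. The following is an added example, not part of the original article: the record layout, field names and sample values are constructed, and the password and Snowflake patterns are illustrative assumptions rather than a complete rule set.

```python
import re
from collections import defaultdict

# Patterns for the secret types named in the article. "AKIA" followed by 16
# uppercase alphanumerics is the AWS access key ID format; the password and
# Snowflake patterns are illustrative assumptions, not an exhaustive rule set.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[A-Z0-9]{16})\b"),
    "password": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*(\S+)"),
    "snowflake_url": re.compile(r"(?i)\b([a-z0-9_.-]+\.snowflakecomputing\.com)\b"),
}

def redact(value: str) -> str:
    """Keep only enough of a match to identify it in a rotation ticket."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 8 else "*" * len(value)

def scan_records(records):
    """Return {secret_type: [(record_id, field, redacted_value), ...]}."""
    findings = defaultdict(list)
    for rec in records:
        for field, text in rec.items():
            if field == "Id" or not isinstance(text, str):
                continue
            for kind, rx in PATTERNS.items():
                for m in rx.finditer(text):
                    findings[kind].append((rec["Id"], field, redact(m.group(1))))
    return dict(findings)

# Constructed sample rows shaped like an export of the Case object.
# AKIAIOSFODNN7EXAMPLE is AWS's documented example key ID, not a live key.
SAMPLE_CASES = [
    {"Id": "CASE-001", "Subject": "S3 sync failing",
     "Description": "Using key AKIAIOSFODNN7EXAMPLE from the deploy box."},
    {"Id": "CASE-002", "Subject": "Login help",
     "Description": "Service account password: Hunter2-constructed!"},
    {"Id": "CASE-003", "Subject": "Warehouse timeout",
     "Description": "Connecting to acme-xy12345.snowflakecomputing.com times out."},
    {"Id": "CASE-004", "Subject": "Invoice question", "Description": "No secrets here."},
]

if __name__ == "__main__":
    for kind, hits in scan_records(SAMPLE_CASES).items():
        for rec_id, field, shown in hits:
            print(f"{kind}: {rec_id}.{field} -> {shown}  (rotate)")
```

Each finding identifies a record and field whose embedded credential should be rotated at its issuer; redaction keeps the scan report itself from becoming another copy of the secrets.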

This article is AI-synthesized from public sources and may not reflect original reporting.