Zscaler hit by cyberattack
Incident
Summary
Hide ▲
Show ▼
Zscaler confirmed a data breach in its Salesforce instance, where unauthorized actors obtained customer information and some support case content. The exposed records included contact details, regional information, and product licensing data, creating phishing and social-engineering risk. Zscaler said the impact was limited to its Salesforce environment and that no products, services, or infrastructure were affected.
Cases
Related Happenings
ShinyHunters Salesforce extortion campaign against global companies in 2025
Campaign
First: 15.01.2026 17:45
Last: 15.01.2026 17:45
Sources 1
About this happening:
The **ShinyHunters** campaign now includes a **Qantas** breach disclosed after the airline found a **June 30, 2025** intrusion in a **third-party platform** used by one customer s...
ShinyHunters Salesforce extortion campaign against global companies in 2025
CampaignAbout this happening: The **ShinyHunters** campaign now includes a **Qantas** breach disclosed after the airline found a **June 30, 2025** intrusion in a **third-party platform** used by one customer s...
UNC6040 / ShinyHunters Salesforce vishing campaign
Campaign
First: 02.10.2025 00:17
Last: 02.10.2025 00:17
Sources 1
About this happening:
**UNC6040 / ShinyHunters** is running a **vishing-based Salesforce campaign** that has now been tied to **Workiva**. Workiva said attackers used a **third-party CRM system** to st...
UNC6040 / ShinyHunters Salesforce vishing campaign
CampaignAbout this happening: **UNC6040 / ShinyHunters** is running a **vishing-based Salesforce campaign** that has now been tied to **Workiva**. Workiva said attackers used a **third-party CRM system** to st...
Workiva customer data exposure from third-party CRM
Data Leak
First: 03.09.2025 19:40
Last: 03.09.2025 19:40
Sources 1
About this happening:
Workiva confirmed **customer data theft** from a **third-party CRM**, exposing a limited set of contact details and support ticket content tied to affected customers. The company...
Workiva customer data exposure from third-party CRM
Data LeakAbout this happening: Workiva confirmed **customer data theft** from a **third-party CRM**, exposing a limited set of contact details and support ticket content tied to affected customers. The company...
Salesloft Drift Salesforce data exfiltration via OAuth token abuse
Data Leak
First: 27.08.2025 12:39
Last: 27.08.2025 12:39
Sources 1
How related:
"As part of this campaign, unauthorized actors gained access to Salesloft Drift credentials of its customers including Zscaler," reads Zscaler's advisory.
About this happening:
A **Salesloft Drift** compromise led to **data exfiltration** from connected **Salesforce customer instances** in **August 2025**, with attackers using **compromised OAuth tokens*...
Salesloft Drift Salesforce data exfiltration via OAuth token abuse
Data LeakHow related: "As part of this campaign, unauthorized actors gained access to Salesloft Drift credentials of its customers including Zscaler," reads Zscaler's advisory.
About this happening: A **Salesloft Drift** compromise led to **data exfiltration** from connected **Salesforce customer instances** in **August 2025**, with attackers using **compromised OAuth tokens*...
Latest development: 03.10.2025 17:16
Scattered Lapsus$ Hunters launched a new data leak site to extort 39 companies affected by Salesforce breaches, posting samples of data allegedly stolen from victims' Salesforce instances and warning them to contact the group before an October 10 deadline. Scattered Lapsus$ Hunters also added a separate demand that Salesforce pay a ransom to stop disclosure of roughly 1 billion records containing personal information.
Allianz Life hit by data theft breach
Incident
First: 19.08.2025 10:17
Last: 19.08.2025 10:17
Sources 1
About this happening:
**Allianz Life** finished investigating a **July 16, 2025** cloud compromise and says **1,497,036 people** are impacted after a threat actor accessed a **third-party cloud-based C...
Allianz Life hit by data theft breach
IncidentAbout this happening: **Allianz Life** finished investigating a **July 16, 2025** cloud compromise and says **1,497,036 people** are impacted after a threat actor accessed a **third-party cloud-based C...
Latest development: 19.08.2025 15:47
On Monday, Have I Been Pwned said the Allianz Life breach exposed names, email addresses, genders, dates of birth, phone numbers, and physical addresses for 1.1 million customers, and Allianz Life confirmed that some selected employees were also affected while the investigation continued.
Timeline
-
01.09.2025 20:00 2 articles · 8mo ago
Zscaler discloses Salesforce data exposure after Salesloft Drift compromise
Initial DisclosureZscaler says its Salesforce instance was impacted after unauthorized actors gained access to Salesloft Drift credentials tied to the company, allowing limited access to some Salesforce information. The exposed data includes names, business email addresses, job titles, phone numbers, regional/location details, Zscaler product licensing and commercial information, and content from certain support cases. Zscaler says the impact is limited to its Salesforce environment, with no Zscaler products, services, or infrastructure affected, and says it detected no misuse while revoking all Salesloft Drift integrations, rotating other API tokens, and strengthening customer authentication checks for support calls.
Show sources
- Zscaler data breach exposes customer info after Salesloft Drift compromise — www.bleepingcomputer.com — 01.09.2025 20:00
- Zscaler data breach exposes customer info after Salesloft Drift compromise — www.bleepingcomputer.com — 01.09.2025 20:00