Inside the SalesLoft Breach

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/87/c2/f8/87c2f8ef-8e03-63a6-264f-698f5239d96e/mza_17716733432111276097.jpg/600x600bb.jpg

Threat Talks - Your Gateway to Cybersecurity Insights

Threat Talks

97 episodes

2 days ago

Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats and explore industry trends with top experts as they break down the complexities of cyber threats. We make complex cybersecurity topics accessible and engaging for everyone, from IT professionals to every day internet users by providing in-depth and first-hand experiences from leading cybersecurity professionals. Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed, and stay secure!

Tech News

News

RSS

All content for Threat Talks - Your Gateway to Cybersecurity Insights is the property of Threat Talks and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Tech News

News

https://img.transistor.fm/BEiDRoFZY0rE6u3U46aUHXVLANgImeDyjgo22A0bdBw/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yMDIy/N2UyMmNlMzJjZDFi/ODY4ZTYyMWIxYWU0/MjU4Mi5wbmc.jpg

Inside the SalesLoft Breach

Threat Talks - Your Gateway to Cybersecurity Insights

21 minutes

2 days ago

Inside the SalesLoft Breach

You were promised safe SaaS - but got silent data loss.
In Inside the Salesloft Breach, Rob Maas and Luca Cipriano expose how trusted integrations became the attack vector.

They trace how vishing calls, trojanized Salesforce tools, and GitHub-to-AWS pivots gave attackers OAuth access and drained CRMs without a single alert. You’ll hear how Drift integrations and bulk SOQL queries quietly moved data out of sight, while audit trails and API metadata disappeared.
If you need provable control over data exfiltration and a narrative your board will understand, this is your playbook.

Turn Zero Trust from slogan to stop - with IP allowlists, app inventories, token telemetry, and shared responsibility that actually blocks abuse at the source.

(00:00) - Cloud first did not mean data safe.
(00:45) - What Salesforce is and why attackers target it.
(02:00) - Campaign one. Vishing and a trojanized data loader to OAuth access.
(04:15) - Campaign two. Salesloft and Drift path from GitHub to AWS to Salesforce tokens.
(07:00) - Impact and cover up. 700 plus orgs hit and API job metadata removed.
(09:10) - Who was involved. ShinyHunters, Scattered Spider, Lapsus, and legal fallout.
(11:00) - Zero Trust actions. IP allowlisting, app inventory, token monitoring, staff education, shared responsibility.

Key Topics Covered:
• How one sign-in token became a master key for your CRM.
• The attacker’s route: from code repo → cloud → Salesforce → data exfiltration.
• What shared responsibility means in SaaS — and what’s actually on you.
• What truly stops it: trusted apps only, IP allowlists, short-lived tokens, and continuous monitoring.

Found value and want outcome focused guidance every week?
Subscribe to Threat Talks, turn on notifications and add your questions for the next deep dive

Guest and Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
Luca Cipriano (Cyber Threat Intelligence Program Lead, ON2IT): https://www.linkedin.com/in/luca-c-914973124/

Click here to view the episode transcript.

Additional resources:
Threat Talks https://threat-talks.com/
ON2IT https://on2it.net/?
AMS IX https://www.ams-ix.net/ams
Salesforce https://www.salesforce.com/
Salesloft https://www.salesloft.com/
Drift https://www.drift.com/
Okta https://www.okta.com/
Have I Been Pwned https://haveibeenpwned.com/

🔔 Follow and Support our channel! 🔔
===
► YOUTUBE: / @threattalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUE...
► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX