All news with #oauth tokens tag

FBI FLASH: UNC6040 and UNC6395 Target Salesforce

🔔 The FBI issued a FLASH advisory linking two threat clusters, UNC6040 and UNC6395, to intrusions of corporate Salesforce environments that resulted in data theft and extortion. Early campaigns relied on social engineering and malicious Data Loader OAuth apps to mass-exfiltrate Accounts and Contacts, while later activity used stolen Salesloft/Drift OAuth and refresh tokens to access support cases and harvest secrets. Multiple large enterprises were impacted and the FBI released IOCs to help organizations detect and mitigate compromise.