Cybersecurity giant Zscaler has allegedly fallen victim to a significant data breach stemming from a supply-chain attack that compromised one of its third-party vendors, Salesloft. The incident has reportedly led to the exposure of sensitive customer information. Zscaler, a San Jose, California-based company, is a major player in cloud security, providing services to thousands of organizations worldwide to secure their internet traffic and internal applications.
The breach was initiated through the compromise of Salesloft’s Drift, a popular marketing and sales engagement platform. A threat group tracked as UNC6395 allegedly leveraged OAuth tokens stolen from the Drift service to gain unauthorized access to Zscaler’s Salesforce environment. This access allowed the attackers to exfiltrate a range of customer data. Zscaler has stated that the breach was limited to its Salesforce instance and did not impact its core products, services, or infrastructure.
The compromised information allegedly includes a variety of customer data. While a complete list has not been officially disclosed, the exposed data is reported to include:
- Names
- Business email addresses
- Job titles
- Phone numbers
- Regional/location details
- Zscaler product licensing and commercial information
- Content from certain support cases
In response to the incident, Zscaler has revoked all integrations with Salesloft Drift, rotated API tokens, and enhanced its customer authentication protocols for support. The company is actively investigating the breach and has emphasized that it has not observed any misuse of the stolen information. However, customers are advised to be vigilant against potential phishing and social engineering attacks that could leverage this data.