Palo Alto Networks has confirmed a data breach that exposed customer information and support case details after attackers exploited stolen OAuth tokens.
The incident is linked to the wider Salesloft Drift breach that compromised multiple Salesforce environments.
According to Palo Alto Networks, attackers used the stolen tokens to access its Salesforce instance and extract customer data.
The exposed information includes business contact details, account records, and support tickets. Some support cases may have contained sensitive data such as IT credentials, cloud tokens, and VPN or SSO login details.
Investigators found that the hackers relied on automated tools to pull data and even deleted logs to hide their tracks. They also routed activity through Tor for anonymity.
Palo Alto Networks said it has since disabled the compromised integration, revoked all tokens, and rotated credentials. The company stressed that no internal systems or products beyond Salesforce were affected.
The cybersecurity firm is directly notifying affected customers and advising them to review their Salesforce logs, revoke potentially compromised credentials, and check for exposed secrets.





